Theory Relations
(* Auxiliary facts about binary relations on a single type:
   - the symmetric closure symcl and how it interacts with the reflexive and
     transitive closures,
   - preservation, reflection, and respection of (unary and binary) predicates
     by a relation, and their stability under these closures. *)
theory Relations
  imports
    Main
    "HOL-Library.LaTeXsugar"
    "HOL-Library.OptionalSugar"
begin

section ‹Relations›

subsection ‹Basic Conditions›

text ‹We recall the standard definitions for reflexivity, symmetry, transitivity, preorders,
      equivalence, and inverse relations.›

(* Both abbreviations fix the carrier to UNIV, i.e. they speak about the whole type. *)
abbreviation "preorder Rel ≡ preorder_on UNIV Rel"
abbreviation "equivalence Rel ≡ equiv UNIV Rel"

text ‹A symmetric preorder is an equivalence.›

lemma symm_preorder_is_equivalence:
  fixes Rel :: "('a × 'a) set"
  assumes "preorder Rel"
      and "sym Rel"
  shows "equivalence Rel"
      using assms
      unfolding preorder_on_def equiv_def
    by simp

text ‹The symmetric closure of a relation is the union of this relation and its inverse.›

definition symcl :: "('a × 'a) set ⇒ ('a × 'a) set" where
  "symcl Rel = Rel ∪ Rel¯"

text ‹For all (a, b) in R, the symmetric closure of R contains (a, b) as well as (b, a).›

lemma elem_of_symcl:
  fixes Rel :: "('a × 'a) set"
    and a b :: "'a"
  assumes elem: "(a, b) ∈ Rel"
  shows "(a, b) ∈ symcl Rel"
    and "(b, a) ∈ symcl Rel"
    by (auto simp add: elem symcl_def)

text ‹The symmetric closure of a relation is symmetric.›

lemma sym_symcl:
  fixes Rel :: "('a × 'a) set"
  shows "sym (symcl Rel)"
    by (simp add: symcl_def sym_Un_converse)

text ‹The reflexive and symmetric closure of a relation is equal to its symmetric and reflexive
      closure.›

lemma refl_symm_closure_is_symm_refl_closure:
  fixes Rel :: "('a × 'a) set"
  shows "symcl (Rel⇧=) = (symcl Rel)⇧="
    by (auto simp add: symcl_def refl)

text ‹The symmetric closure of a reflexive relation is reflexive.›

lemma refl_symcl_of_refl_rel:
  fixes Rel :: "('a × 'a) set"
    and A :: "'a set"
  assumes "refl_on A Rel"
  shows "refl_on A (symcl Rel)"
      using assms
    by (auto simp add: refl_on_def' symcl_def)

text ‹Accordingly, the reflexive, symmetric, and transitive closure of a relation is equal to its
      symmetric, reflexive, and transitive closure.›

lemma refl_symm_trans_closure_is_symm_refl_trans_closure:
  fixes Rel :: "('a × 'a) set"
  shows "(symcl (Rel⇧=))⇧+ = (symcl Rel)⇧*"
      using refl_symm_closure_is_symm_refl_closure[where Rel="Rel"]
    by simp

text ‹The reflexive closure of a symmetric relation is symmetric.›

lemma sym_reflcl_of_symm_rel:
  fixes Rel :: "('a × 'a) set"
  assumes "sym Rel"
  shows "sym (Rel⇧=)"
      using assms
    by (simp add: sym_Id sym_Un)

text ‹The reflexive closure of a reflexive relation is the relation itself.›

lemma reflcl_of_refl_rel:
  fixes Rel :: "('a × 'a) set"
  assumes "refl Rel"
  shows "Rel⇧= = Rel"
      using assms
      unfolding refl_on_def
    by auto

text ‹The symmetric closure of a symmetric relation is the relation itself.›

lemma symm_closure_of_symm_rel:
  fixes Rel :: "('a × 'a) set"
  assumes "sym Rel"
  shows "symcl Rel = Rel"
      using assms
      unfolding symcl_def sym_def
    by auto

text ‹The reflexive and transitive closure of a preorder Rel is Rel.›

lemma rtrancl_of_preorder:
  fixes Rel :: "('a × 'a) set"
  assumes "preorder Rel"
  shows "Rel⇧* = Rel"
      using assms reflcl_of_refl_rel[of Rel] trancl_id[of "Rel⇧="] trancl_reflcl[of Rel]
      unfolding preorder_on_def
    by auto

text ‹The reflexive and transitive closure of a relation is a subset of its reflexive, symmetric,
      and transitive closure.›

lemma refl_trans_closure_subset_of_refl_symm_trans_closure:
  fixes Rel :: "('a × 'a) set"
  shows "Rel⇧* ⊆ (symcl (Rel⇧=))⇧+"
proof clarify
  fix a b
  assume "(a, b) ∈ Rel⇧*"
  (* symcl Rel unfolds to Rel ∪ Rel¯, so the path in Rel is also a path in the union. *)
  hence "(a, b) ∈ (symcl Rel)⇧*"
      using in_rtrancl_UnI[of "(a, b)" "Rel" "Rel¯"]
    by (simp add: symcl_def)
  thus "(a, b) ∈ (symcl (Rel⇧=))⇧+"
      using refl_symm_trans_closure_is_symm_refl_trans_closure[of Rel]
    by simp
qed

text ‹If a preorder Rel satisfies the following two conditions, then its symmetric closure is
      transitive:
      (1) If (a, b) and (c, b) in Rel but not (a, c) in Rel, then (b, a) in Rel or (b, c) in Rel.
      (2) If (a, b) and (a, c) in Rel but not (b, c) in Rel, then (b, a) in Rel or (c, a) in Rel.›

(* NOTE(review): the assumption reflR is not referenced anywhere in the proof text below;
   only tranR, condA, and condB are used explicitly. *)
lemma symm_closure_of_preorder_is_trans:
  fixes Rel :: "('a × 'a) set"
  assumes condA: "∀a b c. (a, b) ∈ Rel ∧ (c, b) ∈ Rel ∧ (a, c) ∉ Rel
                  ⟶ (b, a) ∈ Rel ∨ (b, c) ∈ Rel"
      and condB: "∀a b c. (a, b) ∈ Rel ∧ (a, c) ∈ Rel ∧ (b, c) ∉ Rel
                  ⟶ (b, a) ∈ Rel ∨ (c, a) ∈ Rel"
      and reflR: "refl Rel"
      and tranR: "trans Rel"
  shows "trans (symcl Rel)"
    unfolding trans_def
proof clarify
  fix a b c
  (* Four auxiliary facts, one per orientation of the two edges (a, b) and (b, c) of
     symcl Rel: forward/forward, forward/backward, backward/forward, backward/backward. *)
  have "⟦(a, b) ∈ Rel; (b, c) ∈ Rel⟧ ⟹ (a, c) ∈ symcl Rel"
  proof -
    assume "(a, b) ∈ Rel" and "(b, c) ∈ Rel"
    with tranR have "(a, c) ∈ Rel"
        unfolding trans_def
      by blast
    thus "(a, c) ∈ symcl Rel"
      by (simp add: symcl_def)
  qed
  moreover have "⟦(a, b) ∈ Rel; (c, b) ∈ Rel; (a, c) ∉ Rel⟧ ⟹ (a, c) ∈ symcl Rel"
  proof -
    assume A1: "(a, b) ∈ Rel" and A2: "(c, b) ∈ Rel" and "(a, c) ∉ Rel"
    (* condA supplies a reversed edge out of b; transitivity then closes the gap. *)
    with condA have "(b, a) ∈ Rel ∨ (b, c) ∈ Rel"
      by blast
    thus "(a, c) ∈ symcl Rel"
    proof auto
      assume "(b, a) ∈ Rel"
      with A2 tranR have "(c, a) ∈ Rel"
          unfolding trans_def
        by blast
      thus "(a, c) ∈ symcl Rel"
        by (simp add: symcl_def)
    next
      assume "(b, c) ∈ Rel"
      with A1 tranR have "(a, c) ∈ Rel"
          unfolding trans_def
        by blast
      thus "(a, c) ∈ symcl Rel"
        by (simp add: symcl_def)
    qed
  qed
  moreover have "⟦(b, a) ∈ Rel; (b, c) ∈ Rel; (a, c) ∉ Rel⟧ ⟹ (a, c) ∈ symcl Rel"
  proof -
    assume B1: "(b, a) ∈ Rel" and B2: "(b, c) ∈ Rel" and "(a, c) ∉ Rel"
    (* condB supplies a reversed edge into b; transitivity then closes the gap. *)
    with condB have "(a, b) ∈ Rel ∨ (c, b) ∈ Rel"
      by blast
    thus "(a, c) ∈ symcl Rel"
    proof auto
      assume "(a, b) ∈ Rel"
      with B2 tranR have "(a, c) ∈ Rel"
          unfolding trans_def
        by blast
      thus "(a, c) ∈ symcl Rel"
        by (simp add: symcl_def)
    next
      assume "(c, b) ∈ Rel"
      with B1 tranR have "(c, a) ∈ Rel"
          unfolding trans_def
        by blast
      thus "(a, c) ∈ symcl Rel"
        by (simp add: symcl_def)
    qed
  qed
  moreover have "⟦(b, a) ∈ Rel; (c, b) ∈ Rel⟧ ⟹ (a, c) ∈ symcl Rel"
  proof -
    assume "(c, b) ∈ Rel" and "(b, a) ∈ Rel"
    with tranR have "(c, a) ∈ Rel"
        unfolding trans_def
      by blast
    thus "(a, c) ∈ symcl Rel"
      by (simp add: symcl_def)
  qed
  moreover assume "(a, b) ∈ symcl Rel" and "(b, c) ∈ symcl Rel"
  ultimately show "(a, c) ∈ symcl Rel"
    by (auto simp add: symcl_def)
qed

subsection ‹Preservation, Reflection, and Respection of Predicates›

text ‹A relation R preserves some predicate P if P(a) implies P(b) for all (a, b) in R.›

abbreviation rel_preserves_pred :: "('a × 'a) set ⇒ ('a ⇒ bool) ⇒ bool" where
  "rel_preserves_pred Rel Pred ≡ ∀a b. (a, b) ∈ Rel ∧ Pred a ⟶ Pred b"

(* Binary variant: the second argument x of the predicate is the same on both sides. *)
abbreviation rel_preserves_binary_pred :: "('a × 'a) set ⇒ ('a ⇒ 'b ⇒ bool) ⇒ bool" where
  "rel_preserves_binary_pred Rel Pred ≡ ∀a b x. (a, b) ∈ Rel ∧ Pred a x ⟶ Pred b x"

text ‹A relation R reflects some predicate P if P(b) implies P(a) for all (a, b) in R.›

abbreviation rel_reflects_pred :: "('a × 'a) set ⇒ ('a ⇒ bool) ⇒ bool" where
  "rel_reflects_pred Rel Pred ≡ ∀a b. (a, b) ∈ Rel ∧ Pred b ⟶ Pred a"

abbreviation rel_reflects_binary_pred :: "('a × 'a) set ⇒ ('a ⇒ 'b ⇒ bool) ⇒ bool" where
  "rel_reflects_binary_pred Rel Pred ≡ ∀a b x. (a, b) ∈ Rel ∧ Pred b x ⟶ Pred a x"

text ‹A relation respects a predicate if it preserves and reflects it.›

abbreviation rel_respects_pred :: "('a × 'a) set ⇒ ('a ⇒ bool) ⇒ bool" where
  "rel_respects_pred Rel Pred ≡ rel_preserves_pred Rel Pred ∧ rel_reflects_pred Rel Pred"

abbreviation rel_respects_binary_pred :: "('a × 'a) set ⇒ ('a ⇒ 'b ⇒ bool) ⇒ bool" where
  "rel_respects_binary_pred Rel Pred ≡
   rel_preserves_binary_pred Rel Pred ∧ rel_reflects_binary_pred Rel Pred"

text ‹For symmetric relations, preservation, reflection, and respection of predicates mean the
      same.›

lemma symm_relation_impl_preservation_equals_reflection:
  fixes Rel :: "('a × 'a) set"
    and Pred :: "'a ⇒ bool"
  assumes symm: "sym Rel"
  shows "rel_preserves_pred Rel Pred = rel_reflects_pred Rel Pred"
    and "rel_preserves_pred Rel Pred = rel_respects_pred Rel Pred"
    and "rel_reflects_pred Rel Pred = rel_respects_pred Rel Pred"
      using symm
      unfolding sym_def
    by blast+

lemma symm_relation_impl_preservation_equals_reflection_of_binary_predicates:
  fixes Rel :: "('a × 'a) set"
    and Pred :: "'a ⇒ 'b ⇒ bool"
  assumes symm: "sym Rel"
  shows "rel_preserves_binary_pred Rel Pred = rel_reflects_binary_pred Rel Pred"
    and "rel_preserves_binary_pred Rel Pred = rel_respects_binary_pred Rel Pred"
    and "rel_reflects_binary_pred Rel Pred = rel_respects_binary_pred Rel Pred"
      using symm
      unfolding sym_def
    by blast+

text ‹If a relation preserves a predicate then so does its reflexive or/and transitive closure.›

lemma preservation_and_closures:
  fixes Rel :: "('a × 'a) set"
    and Pred :: "'a ⇒ bool"
  assumes preservation: "rel_preserves_pred Rel Pred"
  shows "rel_preserves_pred (Rel⇧=) Pred"
    and "rel_preserves_pred (Rel⇧+) Pred"
    and "rel_preserves_pred (Rel⇧*) Pred"
proof -
  from preservation show A: "rel_preserves_pred (Rel⇧=) Pred"
    by (auto simp add: refl)
  (* B is stated for an arbitrary relation so that it can be instantiated with Rel⇧=
     for the third goal. *)
  have B: "⋀Rel. rel_preserves_pred Rel Pred ⟹ rel_preserves_pred (Rel⇧+) Pred"
  proof clarify
    fix Rel a b
    assume "(a, b) ∈ Rel⇧+" and "rel_preserves_pred Rel Pred" and "Pred a"
    thus "Pred b"
      by (induct, blast+)
  qed
  with preservation show "rel_preserves_pred (Rel⇧+) Pred"
    by blast
  from preservation A B[where Rel="Rel⇧="] show "rel_preserves_pred (Rel⇧*) Pred"
      using trancl_reflcl[of Rel]
    by blast
qed

lemma preservation_of_binary_predicates_and_closures:
  fixes Rel :: "('a × 'a) set"
    and Pred :: "'a ⇒ 'b ⇒ bool"
  assumes preservation: "rel_preserves_binary_pred Rel Pred"
  shows "rel_preserves_binary_pred (Rel⇧=) Pred"
    and "rel_preserves_binary_pred (Rel⇧+) Pred"
    and "rel_preserves_binary_pred (Rel⇧*) Pred"
proof -
  from preservation show A: "rel_preserves_binary_pred (Rel⇧=) Pred"
    by (auto simp add: refl)
  (* As in the unary case, B is generic in the relation and reused with Rel⇧= below. *)
  have B: "⋀Rel. rel_preserves_binary_pred Rel Pred
           ⟹ rel_preserves_binary_pred (Rel⇧+) Pred"
  proof clarify
    fix Rel a b x
    assume "(a, b) ∈ Rel⇧+" and "rel_preserves_binary_pred Rel Pred" and "Pred a x"
    thus "Pred b x"
      by (induct, blast+)
  qed
  with preservation show "rel_preserves_binary_pred (Rel⇧+) Pred"
    by blast
  from preservation A B[where Rel="Rel⇧="]
  show "rel_preserves_binary_pred (Rel⇧*) Pred"
      using trancl_reflcl[of Rel]
    by fast
qed

text ‹If a relation reflects a predicate then so does its reflexive or/and transitive closure.›

lemma reflection_and_closures:
  fixes Rel :: "('a × 'a) set"
    and Pred :: "'a ⇒ bool"
  assumes reflection: "rel_reflects_pred Rel Pred"
  shows "rel_reflects_pred (Rel⇧=) Pred"
    and "rel_reflects_pred (Rel⇧+) Pred"
    and "rel_reflects_pred (Rel⇧*) Pred"
proof -
  from reflection show A: "rel_reflects_pred (Rel⇧=) Pred"
    by (auto simp add: refl)
  have B: "⋀Rel. rel_reflects_pred Rel Pred ⟹ rel_reflects_pred (Rel⇧+) Pred"
  proof clarify
    fix Rel a b
    assume "(a, b) ∈ Rel⇧+" and "rel_reflects_pred Rel Pred" and "Pred b"
    thus "Pred a"
      by (induct, blast+)
  qed
  with reflection show "rel_reflects_pred (Rel⇧+) Pred"
    by blast
  from reflection A B[where Rel="Rel⇧="] show "rel_reflects_pred (Rel⇧*) Pred"
      using trancl_reflcl[of Rel]
    by fast
qed

lemma reflection_of_binary_predicates_and_closures:
  fixes Rel :: "('a × 'a) set"
    and Pred :: "'a ⇒ 'b ⇒ bool"
  assumes reflection: "rel_reflects_binary_pred Rel Pred"
  shows "rel_reflects_binary_pred (Rel⇧=) Pred"
    and "rel_reflects_binary_pred (Rel⇧+) Pred"
    and "rel_reflects_binary_pred (Rel⇧*) Pred"
proof -
  from reflection show A: "rel_reflects_binary_pred (Rel⇧=) Pred"
    by (auto simp add: refl)
  have B: "⋀Rel. rel_reflects_binary_pred Rel Pred
           ⟹ rel_reflects_binary_pred (Rel⇧+) Pred"
  proof clarify
    fix Rel a b x
    assume "(a, b) ∈ Rel⇧+" and "rel_reflects_binary_pred Rel Pred" and "Pred b x"
    thus "Pred a x"
      by (induct, blast+)
  qed
  with reflection show "rel_reflects_binary_pred (Rel⇧+) Pred"
    by blast
  from reflection A B[where Rel="Rel⇧="]
  show "rel_reflects_binary_pred (Rel⇧*) Pred"
      using trancl_reflcl[of Rel]
    by fast
qed

text ‹If a relation respects a predicate then so does its reflexive, symmetric, or/and
      transitive closure.›

lemma respection_and_closures:
  fixes Rel :: "('a × 'a) set"
    and Pred :: "'a ⇒ bool"
  assumes respection: "rel_respects_pred Rel Pred"
  shows "rel_respects_pred (Rel⇧=) Pred"
    and "rel_respects_pred (symcl Rel) Pred"
    and "rel_respects_pred (Rel⇧+) Pred"
    and "rel_respects_pred (symcl (Rel⇧=)) Pred"
    and "rel_respects_pred (Rel⇧*) Pred"
    and "rel_respects_pred ((symcl (Rel⇧=))⇧+) Pred"
proof -
  from respection show A: "rel_respects_pred (Rel⇧=) Pred"
      using preservation_and_closures(1)[where Rel="Rel" and Pred="Pred"]
            reflection_and_closures(1)[where Rel="Rel" and Pred="Pred"]
    by blast
  (* B (symmetric closure) and C (transitive closure) are generic in the relation; the
     remaining goals are obtained by instantiating them with Rel, Rel⇧=, and
     symcl (Rel⇧=). *)
  have B: "⋀Rel. rel_respects_pred Rel Pred ⟹ rel_respects_pred (symcl Rel) Pred"
  proof
    fix Rel
    assume B1: "rel_respects_pred Rel Pred"
    show "rel_preserves_pred (symcl Rel) Pred"
    proof clarify
      fix a b
      assume "(a, b) ∈ symcl Rel"
      hence "(a, b) ∈ Rel ∨ (b, a) ∈ Rel"
        by (simp add: symcl_def)
      moreover assume "Pred a"
      ultimately show "Pred b"
          using B1
        by blast
    qed
  next
    (* NOTE(review): this branch fixes Pred again, unlike the preservation branch above
       and unlike the binary-predicate version of this lemma — confirm this is intended. *)
    fix Rel :: "('a × 'a) set" and Pred :: "'a ⇒ bool"
    assume B2: "rel_respects_pred Rel Pred"
    show "rel_reflects_pred (symcl Rel) Pred"
    proof clarify
      fix a b
      assume "(a, b) ∈ symcl Rel"
      hence "(a, b) ∈ Rel ∨ (b, a) ∈ Rel"
        by (simp add: symcl_def)
      moreover assume "Pred b"
      ultimately show "Pred a"
          using B2
        by blast
    qed
  qed
  from respection B[where Rel="Rel"] show "rel_respects_pred (symcl Rel) Pred"
    by blast
  have C: "⋀Rel. rel_respects_pred Rel Pred ⟹ rel_respects_pred (Rel⇧+) Pred"
  proof -
    fix Rel
    assume "rel_respects_pred Rel Pred"
    thus "rel_respects_pred (Rel⇧+) Pred"
        using preservation_and_closures(2)[where Rel="Rel" and Pred="Pred"]
              reflection_and_closures(2)[where Rel="Rel" and Pred="Pred"]
      by blast
  qed
  from respection C[where Rel="Rel"] show "rel_respects_pred (Rel⇧+) Pred"
    by blast
  from A B[where Rel="Rel⇧="] show "rel_respects_pred (symcl (Rel⇧=)) Pred"
    by blast
  from A C[where Rel="Rel⇧="] show "rel_respects_pred (Rel⇧*) Pred"
      using trancl_reflcl[of Rel]
    by fast
  from A B[where Rel="Rel⇧="] C[where Rel="symcl (Rel⇧=)"]
  show "rel_respects_pred ((symcl (Rel⇧=))⇧+) Pred"
    by blast
qed

lemma respection_of_binary_predicates_and_closures:
  fixes Rel :: "('a × 'a) set"
    and Pred :: "'a ⇒ 'b ⇒ bool"
  assumes respection: "rel_respects_binary_pred Rel Pred"
  shows "rel_respects_binary_pred (Rel⇧=) Pred"
    and "rel_respects_binary_pred (symcl Rel) Pred"
    and "rel_respects_binary_pred (Rel⇧+) Pred"
    and "rel_respects_binary_pred (symcl (Rel⇧=)) Pred"
    and "rel_respects_binary_pred (Rel⇧*) Pred"
    and "rel_respects_binary_pred ((symcl (Rel⇧=))⇧+) Pred"
proof -
  from respection show A: "rel_respects_binary_pred (Rel⇧=) Pred"
      using preservation_of_binary_predicates_and_closures(1)[where Rel="Rel" and Pred="Pred"]
            reflection_of_binary_predicates_and_closures(1)[where Rel="Rel" and Pred="Pred"]
    by blast
  (* Same structure as the unary lemma: B handles symcl, C handles the transitive closure,
     and both are instantiated several times below. *)
  have B: "⋀Rel. rel_respects_binary_pred Rel Pred
           ⟹ rel_respects_binary_pred (symcl Rel) Pred"
  proof
    fix Rel
    assume B1: "rel_respects_binary_pred Rel Pred"
    show "rel_preserves_binary_pred (symcl Rel) Pred"
    proof clarify
      fix a b x
      assume "(a, b) ∈ symcl Rel"
      hence "(a, b) ∈ Rel ∨ (b, a) ∈ Rel"
        by (simp add: symcl_def)
      moreover assume "Pred a x"
      ultimately show "Pred b x"
          using B1
        by blast
    qed
  next
    fix Rel
    assume B2: "rel_respects_binary_pred Rel Pred"
    show "rel_reflects_binary_pred (symcl Rel) Pred"
    proof clarify
      fix a b x
      assume "(a, b) ∈ symcl Rel"
      hence "(a, b) ∈ Rel ∨ (b, a) ∈ Rel"
        by (simp add: symcl_def)
      moreover assume "Pred b x"
      ultimately show "Pred a x"
          using B2
        by blast
    qed
  qed
  from respection B[where Rel="Rel"] show "rel_respects_binary_pred (symcl Rel) Pred"
    by blast
  have C: "⋀Rel. rel_respects_binary_pred Rel Pred
           ⟹ rel_respects_binary_pred (Rel⇧+) Pred"
  proof -
    fix Rel
    assume "rel_respects_binary_pred Rel Pred"
    thus "rel_respects_binary_pred (Rel⇧+) Pred"
        using preservation_of_binary_predicates_and_closures(2)[where Rel="Rel" and Pred="Pred"]
              reflection_of_binary_predicates_and_closures(2)[where Rel="Rel" and Pred="Pred"]
      by blast
  qed
  from respection C[where Rel="Rel"] show "rel_respects_binary_pred (Rel⇧+) Pred"
    by blast
  from A B[where Rel="Rel⇧="]
  show "rel_respects_binary_pred (symcl (Rel⇧=)) Pred"
    by blast
  from A C[where Rel="Rel⇧="]
  show "rel_respects_binary_pred (Rel⇧*) Pred"
      using trancl_reflcl[of Rel]
    by fast
  from A B[where Rel="Rel⇧="] C[where Rel="symcl (Rel⇧=)"]
  show "rel_respects_binary_pred ((symcl (Rel⇧=))⇧+) Pred"
    by blast
qed

end
Theory ProcessCalculi
(* Abstract process calculi: a calculus is a reduction relation on process terms,
   optionally extended with a barb (observable) predicate. The theory defines single
   steps, n-step and multi-step reduction, divergence, and what it means for a relation
   on processes to (weakly) preserve, reflect, or respect barbs. *)
theory ProcessCalculi
  imports Relations
begin

section ‹Process Calculi›

text ‹A process calculus is given by a set of process terms (syntax) and a relation on terms
      (semantics). We consider reduction as well as labelled variants of the semantics.›

subsection ‹Reduction Semantics›

text ‹A set of process terms and a relation on pairs of terms (called reduction semantics) define
      a process calculus.›

(* The set of process terms is represented by the type parameter 'proc; the record only
   carries the reduction relation. *)
record 'proc processCalculus =
  Reductions :: "'proc ⇒ 'proc ⇒ bool"

text ‹A pair of the reduction relation is called a (reduction) step.›

abbreviation step :: "'proc ⇒ 'proc processCalculus ⇒ 'proc ⇒ bool"
    ("_ ⟼_ _" [70, 70, 70] 80)
  where
  "P ⟼Cal Q ≡ Reductions Cal P Q"

text ‹We use * to indicate the reflexive and transitive closure of the reduction relation.›

(* nSteps counts steps explicitly: zero steps is equality, Suc n steps is n steps followed
   by one more step. *)
primrec nSteps
    :: "'proc ⇒ 'proc processCalculus ⇒ nat ⇒ 'proc ⇒ bool"
    ("_ ⟼_⇗_⇖ _" [70, 70, 70, 70] 80)
  where
    "P ⟼Cal⇗0⇖ Q     = (P = Q)"
  | "P ⟼Cal⇗Suc n⇖ Q = (∃P'. P ⟼Cal⇗n⇖ P' ∧ P' ⟼Cal Q)"

(* steps is nSteps for some (existentially quantified) number of steps. *)
definition steps
    :: "'proc ⇒ 'proc processCalculus ⇒ 'proc ⇒ bool"
    ("_ ⟼_* _" [70, 70, 70] 80)
  where
  "P ⟼Cal* Q ≡ ∃n. P ⟼Cal⇗n⇖ Q"

text ‹A process is divergent, if it can perform an infinite sequence of steps.›

(* NOTE(review): as written, the definition requires every term reachable from P to have
   a further step (no reachable term is stuck), which is stronger than the existence of
   one infinite sequence described in the text above — confirm the intended reading. *)
definition divergent
    :: "'proc ⇒ 'proc processCalculus ⇒ bool"
    ("_ ⟼_ω" [70, 70] 80)
  where
  "P ⟼(Cal)ω ≡ ∀P'. P ⟼Cal* P' ⟶ (∃P''. P' ⟼Cal P'')"

text ‹Each term can perform an (empty) sequence of steps to itself.›

lemma steps_refl:
  fixes Cal :: "'proc processCalculus"
    and P :: "'proc"
  shows "P ⟼Cal* P"
proof -
  have "P ⟼Cal⇗0⇖ P"
    by simp
  hence "∃n. P ⟼Cal⇗n⇖ P"
    by blast
  thus "P ⟼Cal* P"
    by (simp add: steps_def)
qed

text ‹A single step is a sequence of steps of length one.›

lemma step_to_steps:
  fixes Cal :: "'proc processCalculus"
    and P P' :: "'proc"
  assumes step: "P ⟼Cal P'"
  shows "P ⟼Cal* P'"
proof -
  from step have "P ⟼Cal⇗1⇖ P'"
    by simp
  thus ?thesis
      unfolding steps_def
    by blast
qed

text ‹If there is a sequence of steps from P to Q and from Q to R, then there is also a sequence
      of steps from P to R.›

(* Counted version: lengths add up. The induction is on the length n2 of the second
   sequence; the base case is discharged by simp in the initial proof method. *)
lemma nSteps_add:
  fixes Cal :: "'proc processCalculus"
    and n1 n2 :: "nat"
  shows "∀P Q R. P ⟼Cal⇗n1⇖ Q ∧ Q ⟼Cal⇗n2⇖ R ⟶ P ⟼Cal⇗(n1 + n2)⇖ R"
proof (induct n2, simp)
  case (Suc n)
  assume IH: "∀P Q R. P ⟼Cal⇗n1⇖ Q ∧ Q ⟼Cal⇗n⇖ R ⟶ P ⟼Cal⇗(n1 + n)⇖ R"
  show ?case
  proof clarify
    fix P Q R
    assume "Q ⟼Cal⇗Suc n⇖ R"
    (* Split off the last step of the second sequence. *)
    from this obtain Q' where A1: "Q ⟼Cal⇗n⇖ Q'" and A2: "Q' ⟼Cal R"
      by auto
    assume "P ⟼Cal⇗n1⇖ Q"
    with A1 IH have "P ⟼Cal⇗(n1 + n)⇖ Q'"
      by blast
    with A2 show "P ⟼Cal⇗(n1 + Suc n)⇖ R"
      by auto
  qed
qed

(* Uncounted version, obtained from nSteps_add by picking witnesses n1 and n2. *)
lemma steps_add:
  fixes Cal :: "'proc processCalculus"
    and P Q R :: "'proc"
  assumes A1: "P ⟼Cal* Q"
      and A2: "Q ⟼Cal* R"
  shows "P ⟼Cal* R"
proof -
  from A1 obtain n1 where "P ⟼Cal⇗n1⇖ Q"
    by (auto simp add: steps_def)
  moreover from A2 obtain n2 where "Q ⟼Cal⇗n2⇖ R"
    by (auto simp add: steps_def)
  ultimately have "P ⟼Cal⇗(n1 + n2)⇖ R"
      using nSteps_add[where Cal="Cal"]
    by blast
  thus "P ⟼Cal* R"
    by (simp add: steps_def, blast)
qed

subsubsection ‹Observables or Barbs›

text ‹We assume a predicate that tests terms for some kind of observables. At this point we do
      not limit or restrict the kind of observables used for a calculus nor the method to check
      them.›

(* A calculus with barbs pairs a process calculus with a predicate relating terms to
   barbs; the barb type 'barbs is left abstract. *)
record ('proc, 'barbs) calculusWithBarbs =
  Calculus :: "'proc processCalculus"
  HasBarb :: "'proc ⇒ 'barbs ⇒ bool" ("_↓_" [70, 70] 80)

abbreviation hasBarb
    :: "'proc ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ 'barbs ⇒ bool"
    ("_↓<_>_" [70, 70, 70] 80)
  where
  "P↓<CWB>a ≡ HasBarb CWB P a"

text ‹A term reaches a barb if it can evolve to a term that has this barb.›

abbreviation reachesBarb
    :: "'proc ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ 'barbs ⇒ bool"
    ("_⇓<_>_" [70, 70, 70] 80)
  where
  "P⇓<CWB>a ≡ ∃P'. P ⟼(Calculus CWB)* P' ∧ P'↓<CWB>a"

text ‹A relation R preserves barbs if whenever (P, Q) in R and P has a barb then also Q has this
      barb.›

(* The *_barb_set variants restrict attention to barbs from a given set Barbs; the
   unrestricted variants use the barb predicate of the calculus directly. *)
abbreviation rel_preserves_barb_set
    :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ 'barbs set ⇒ bool"
  where
  "rel_preserves_barb_set Rel CWB Barbs ≡
   rel_preserves_binary_pred Rel (λP a. a ∈ Barbs ∧ P↓<CWB>a)"

abbreviation rel_preserves_barbs
    :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ bool"
  where
  "rel_preserves_barbs Rel CWB ≡ rel_preserves_binary_pred Rel (HasBarb CWB)"

lemma preservation_of_barbs_and_set_of_barbs:
  fixes Rel :: "('proc × 'proc) set"
    and CWB :: "('proc, 'barbs) calculusWithBarbs"
  shows "rel_preserves_barbs Rel CWB = (∀Barbs. rel_preserves_barb_set Rel CWB Barbs)"
    by blast

text ‹A relation R reflects barbs if whenever (P, Q) in R and Q has a barb then also P has this
      barb.›

abbreviation rel_reflects_barb_set
    :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ 'barbs set ⇒ bool"
  where
  "rel_reflects_barb_set Rel CWB Barbs ≡
   rel_reflects_binary_pred Rel (λP a. a ∈ Barbs ∧ P↓<CWB>a)"

abbreviation rel_reflects_barbs
    :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ bool"
  where
  "rel_reflects_barbs Rel CWB ≡ rel_reflects_binary_pred Rel (HasBarb CWB)"

lemma reflection_of_barbs_and_set_of_barbs:
  fixes Rel :: "('proc × 'proc) set"
    and CWB :: "('proc, 'barbs) calculusWithBarbs"
  shows "rel_reflects_barbs Rel CWB = (∀Barbs. rel_reflects_barb_set Rel CWB Barbs)"
    by blast

text ‹A relation respects barbs if it preserves and reflects barbs.›

abbreviation rel_respects_barb_set
    :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ 'barbs set ⇒ bool"
  where
  "rel_respects_barb_set Rel CWB Barbs ≡
   rel_preserves_barb_set Rel CWB Barbs ∧ rel_reflects_barb_set Rel CWB Barbs"

abbreviation rel_respects_barbs
    :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ bool"
  where
  "rel_respects_barbs Rel CWB ≡ rel_preserves_barbs Rel CWB ∧ rel_reflects_barbs Rel CWB"

lemma respection_of_barbs_and_set_of_barbs:
  fixes Rel :: "('proc × 'proc) set"
    and CWB :: "('proc, 'barbs) calculusWithBarbs"
  shows "rel_respects_barbs Rel CWB = (∀Barbs. rel_respects_barb_set Rel CWB Barbs)"
    by blast

text ‹If a relation preserves barbs then so does its reflexive or/and transitive closure.›

(* The closure lemmas for barbs are instances of the generic binary-predicate lemmas
   from Relations with Pred = HasBarb CWB. *)
lemma preservation_of_barbs_and_closures:
  fixes Rel :: "('proc × 'proc) set"
    and CWB :: "('proc, 'barbs) calculusWithBarbs"
  assumes preservation: "rel_preserves_barbs Rel CWB"
  shows "rel_preserves_barbs (Rel⇧=) CWB"
    and "rel_preserves_barbs (Rel⇧+) CWB"
    and "rel_preserves_barbs (Rel⇧*) CWB"
      using preservation
            preservation_of_binary_predicates_and_closures[where Rel="Rel" and Pred="HasBarb CWB"]
    by blast+

text ‹If a relation reflects barbs then so does its reflexive or/and transitive closure.›

lemma reflection_of_barbs_and_closures:
  fixes Rel :: "('proc × 'proc) set"
    and CWB :: "('proc, 'barbs) calculusWithBarbs"
  assumes reflection: "rel_reflects_barbs Rel CWB"
  shows "rel_reflects_barbs (Rel⇧=) CWB"
    and "rel_reflects_barbs (Rel⇧+) CWB"
    and "rel_reflects_barbs (Rel⇧*) CWB"
      using reflection
            reflection_of_binary_predicates_and_closures[where Rel="Rel" and Pred="HasBarb CWB"]
    by blast+

text ‹If a relation respects barbs then so does its reflexive, symmetric, or/and transitive
      closure.›

lemma respection_of_barbs_and_closures:
  fixes Rel :: "('proc × 'proc) set"
    and CWB :: "('proc, 'barbs) calculusWithBarbs"
  assumes respection: "rel_respects_barbs Rel CWB"
  shows "rel_respects_barbs (Rel⇧=) CWB"
    and "rel_respects_barbs (symcl Rel) CWB"
    and "rel_respects_barbs (Rel⇧+) CWB"
    and "rel_respects_barbs (symcl (Rel⇧=)) CWB"
    and "rel_respects_barbs (Rel⇧*) CWB"
    and "rel_respects_barbs ((symcl (Rel⇧=))⇧+) CWB"
proof -
  (* Each goal uses the correspondingly numbered conclusion of
     respection_of_binary_predicates_and_closures. *)
  from respection show "rel_respects_barbs (Rel⇧=) CWB"
      using respection_of_binary_predicates_and_closures(1)[where Rel="Rel" and Pred="HasBarb CWB"]
    by blast
next
  from respection show "rel_respects_barbs (symcl Rel) CWB"
      using respection_of_binary_predicates_and_closures(2)[where Rel="Rel" and Pred="HasBarb CWB"]
    by blast
next
  from respection show "rel_respects_barbs (Rel⇧+) CWB"
      using respection_of_binary_predicates_and_closures(3)[where Rel="Rel" and Pred="HasBarb CWB"]
    by blast
next
  from respection show "rel_respects_barbs (symcl (Rel⇧=)) CWB"
      using respection_of_binary_predicates_and_closures(4)[where Rel="Rel" and Pred="HasBarb CWB"]
    by blast
next
  from respection show "rel_respects_barbs (Rel⇧*) CWB"
      using respection_of_binary_predicates_and_closures(5)[where Rel="Rel" and Pred="HasBarb CWB"]
    by blast
next
  from respection show "rel_respects_barbs ((symcl (Rel⇧=))⇧+) CWB"
      using respection_of_binary_predicates_and_closures(6)[where Rel="Rel" and Pred="HasBarb CWB"]
    by blast
qed

text ‹A relation R weakly preserves barbs if it preserves reachability of barbs, i.e., if (P, Q)
      in R and P reaches a barb then also Q has to reach this barb.›

(* The weak variants replace "has a barb" by "reaches a barb" in the predicate. *)
abbreviation rel_weakly_preserves_barb_set
    :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ 'barbs set ⇒ bool"
  where
  "rel_weakly_preserves_barb_set Rel CWB Barbs ≡
   rel_preserves_binary_pred Rel (λP a. a ∈ Barbs ∧ P⇓<CWB>a)"

abbreviation rel_weakly_preserves_barbs
    :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ bool"
  where
  "rel_weakly_preserves_barbs Rel CWB ≡ rel_preserves_binary_pred Rel (λP a. P⇓<CWB>a)"

lemma weak_preservation_of_barbs_and_set_of_barbs:
  fixes Rel :: "('proc × 'proc) set"
    and CWB :: "('proc, 'barbs) calculusWithBarbs"
  shows "rel_weakly_preserves_barbs Rel CWB
         = (∀Barbs. rel_weakly_preserves_barb_set Rel CWB Barbs)"
    by blast

text ‹A relation R weakly reflects barbs if it reflects reachability of barbs, i.e., if (P, Q) in
      R and Q reaches a barb then also P has to reach this barb.›

abbreviation rel_weakly_reflects_barb_set
    :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ 'barbs set ⇒ bool"
  where
  "rel_weakly_reflects_barb_set Rel CWB Barbs ≡
   rel_reflects_binary_pred Rel (λP a. a ∈ Barbs ∧ P⇓<CWB>a)"

abbreviation rel_weakly_reflects_barbs
    :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ bool"
  where
  "rel_weakly_reflects_barbs Rel CWB ≡ rel_reflects_binary_pred Rel (λP a. P⇓<CWB>a)"

lemma weak_reflection_of_barbs_and_set_of_barbs:
  fixes Rel :: "('proc × 'proc) set"
    and CWB :: "('proc, 'barbs) calculusWithBarbs"
  shows "rel_weakly_reflects_barbs Rel CWB = (∀Barbs. rel_weakly_reflects_barb_set Rel CWB Barbs)"
    by blast

text ‹A relation weakly respects barbs if it weakly preserves and weakly reflects barbs.›

abbreviation rel_weakly_respects_barb_set
    :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ 'barbs set ⇒ bool"
  where
  "rel_weakly_respects_barb_set Rel CWB Barbs ≡
   rel_weakly_preserves_barb_set Rel CWB Barbs ∧ rel_weakly_reflects_barb_set Rel CWB Barbs"

abbreviation rel_weakly_respects_barbs
    :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ bool"
  where
  "rel_weakly_respects_barbs Rel CWB ≡
   rel_weakly_preserves_barbs Rel CWB ∧ rel_weakly_reflects_barbs Rel CWB"

lemma weak_respection_of_barbs_and_set_of_barbs:
  fixes Rel :: "('proc × 'proc) set"
    and CWB :: "('proc, 'barbs) calculusWithBarbs"
  shows "rel_weakly_respects_barbs Rel CWB = (∀Barbs. rel_weakly_respects_barb_set Rel CWB Barbs)"
    by blast

text ‹If a relation weakly preserves barbs then so does its reflexive or/and transitive
      closure.›

(* Again instances of the generic lemmas, now with Pred = (λP a. P⇓<CWB>a). *)
lemma weak_preservation_of_barbs_and_closures:
  fixes Rel :: "('proc × 'proc) set"
    and CWB :: "('proc, 'barbs) calculusWithBarbs"
  assumes preservation: "rel_weakly_preserves_barbs Rel CWB"
  shows "rel_weakly_preserves_barbs (Rel⇧=) CWB"
    and "rel_weakly_preserves_barbs (Rel⇧+) CWB"
    and "rel_weakly_preserves_barbs (Rel⇧*) CWB"
      using preservation preservation_of_binary_predicates_and_closures[where Rel="Rel"
                          and Pred="λP a. P⇓<CWB>a"]
    by blast+

text ‹If a relation weakly reflects barbs then so does its reflexive or/and transitive
      closure.›

lemma weak_reflection_of_barbs_and_closures:
  fixes Rel :: "('proc × 'proc) set"
    and CWB :: "('proc, 'barbs) calculusWithBarbs"
  assumes reflection: "rel_weakly_reflects_barbs Rel CWB"
  shows "rel_weakly_reflects_barbs (Rel⇧=) CWB"
    and "rel_weakly_reflects_barbs (Rel⇧+) CWB"
    and "rel_weakly_reflects_barbs (Rel⇧*) CWB"
      using reflection reflection_of_binary_predicates_and_closures[where Rel="Rel"
                        and Pred="λP a. P⇓<CWB>a"]
    by blast+

text ‹If a relation weakly respects barbs then so does its reflexive, symmetric, or/and
      transitive closure.›

lemma weak_respection_of_barbs_and_closures:
  fixes Rel :: "('proc × 'proc) set"
    and CWB :: "('proc, 'barbs) calculusWithBarbs"
  assumes respection: "rel_weakly_respects_barbs Rel CWB"
  shows "rel_weakly_respects_barbs (Rel⇧=) CWB"
    and "rel_weakly_respects_barbs (symcl Rel) CWB"
    and "rel_weakly_respects_barbs (Rel⇧+) CWB"
    and "rel_weakly_respects_barbs (symcl (Rel⇧=)) CWB"
    and "rel_weakly_respects_barbs (Rel⇧*) CWB"
    and "rel_weakly_respects_barbs ((symcl (Rel⇧=))⇧+) CWB"
proof -
  (* Each goal uses the correspondingly numbered conclusion of
     respection_of_binary_predicates_and_closures. *)
  from respection show "rel_weakly_respects_barbs (Rel⇧=) CWB"
      using respection_of_binary_predicates_and_closures(1)[where Rel="Rel"
            and Pred="λP a. P⇓<CWB>a"]
    by blast
next
  from respection show "rel_weakly_respects_barbs (symcl Rel) CWB"
      using respection_of_binary_predicates_and_closures(2)[where Rel="Rel"
            and Pred="λP a. P⇓<CWB>a"]
    by blast
next
  from respection show "rel_weakly_respects_barbs (Rel⇧+) CWB"
      using respection_of_binary_predicates_and_closures(3)[where Rel="Rel"
            and Pred="λP a. P⇓<CWB>a"]
    by blast
next
  from respection show "rel_weakly_respects_barbs (symcl (Rel⇧=)) CWB"
      using respection_of_binary_predicates_and_closures(4)[where Rel="Rel"
            and Pred="λP a. P⇓<CWB>a"]
    by blast
next
  from respection show "rel_weakly_respects_barbs (Rel⇧*) CWB"
      using respection_of_binary_predicates_and_closures(5)[where Rel="Rel"
            and Pred="λP a. P⇓<CWB>a"]
    by blast
next
  from respection show "rel_weakly_respects_barbs ((symcl (Rel⇧=))⇧+) CWB"
      using respection_of_binary_predicates_and_closures(6)[where Rel="Rel"
            and Pred="λP a. P⇓<CWB>a"]
    by blast
qed

end
Theory SimulationRelations
theory SimulationRelations imports ProcessCalculi begin section ‹Simulation Relations› text ‹Simulation relations are a special kind of property on relations on processes. They usually require that steps are (strongly or weakly) preserved and/or reflected modulo the relation. We consider different kinds of simulation relations.› subsection ‹Simulation› text ‹A weak reduction simulation is relation R such that if (P, Q) in R and P evolves to some P' then there exists some Q' such that Q evolves to Q' and (P', Q') in R.› abbreviation weak_reduction_simulation :: "('proc × 'proc) set ⇒ 'proc processCalculus ⇒ bool" where "weak_reduction_simulation Rel Cal ≡ ∀P Q P'. (P, Q) ∈ Rel ∧ P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel)" text ‹A weak barbed simulation is weak reduction simulation that weakly preserves barbs.› abbreviation weak_barbed_simulation :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ bool" where "weak_barbed_simulation Rel CWB ≡ weak_reduction_simulation Rel (Calculus CWB) ∧ rel_weakly_preserves_barbs Rel CWB" text ‹The reflexive and/or transitive closure of a weak simulation is a weak simulation.› lemma weak_reduction_simulation_and_closures: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" assumes simulation: "weak_reduction_simulation Rel Cal" shows "weak_reduction_simulation (Rel⇧=) Cal" and "weak_reduction_simulation (Rel⇧+) Cal" and "weak_reduction_simulation (Rel⇧*) Cal" proof - from simulation show A: "weak_reduction_simulation (Rel⇧=) Cal" by (auto simp add: refl, blast) have B: "⋀Rel. weak_reduction_simulation Rel Cal ⟹ weak_reduction_simulation (Rel⇧+) Cal" proof clarify fix Rel P Q P' assume B1: "weak_reduction_simulation Rel Cal" assume "(P, Q) ∈ Rel⇧+" and "P ⟼Cal* P'" thus "∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel⇧+" proof (induct arbitrary: P') fix Q P' assume "(P, Q) ∈ Rel" and "P ⟼Cal* P'" with B1 obtain Q' where "Q ⟼Cal* Q'" and "(P', Q') ∈ Rel" by blast thus "∃Q'. 
Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel⇧+" by auto next case (step Q R P') assume "⋀P'. P ⟼Cal* P' ⟹ (∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel⇧+)" and "P ⟼Cal* P'" from this obtain Q' where B2: "Q ⟼Cal* Q'" and B3: "(P', Q') ∈ Rel⇧+" by blast assume "(Q, R) ∈ Rel" with B1 B2 obtain R' where B4: "R ⟼Cal* R'" and B5: "(Q', R') ∈ Rel⇧+" by blast from B3 B5 have "(P', R') ∈ Rel⇧+" by simp from B4 this show "∃R'. R ⟼Cal* R' ∧ (P', R') ∈ Rel⇧+" by blast qed qed with simulation show "weak_reduction_simulation (Rel⇧+) Cal" by blast from simulation A B[where Rel="Rel⇧="] show "weak_reduction_simulation (Rel⇧*) Cal" using trancl_reflcl[of Rel] by fast qed lemma weak_barbed_simulation_and_closures: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" assumes simulation: "weak_barbed_simulation Rel CWB" shows "weak_barbed_simulation (Rel⇧=) CWB" and "weak_barbed_simulation (Rel⇧+) CWB" and "weak_barbed_simulation (Rel⇧*) CWB" proof - from simulation show "weak_barbed_simulation (Rel⇧=) CWB" using weak_reduction_simulation_and_closures(1)[where Rel="Rel" and Cal="Calculus CWB"] weak_preservation_of_barbs_and_closures(1)[where Rel="Rel" and CWB="CWB"] by blast next from simulation show "weak_barbed_simulation (Rel⇧+) CWB" using weak_reduction_simulation_and_closures(2)[where Rel="Rel" and Cal="Calculus CWB"] weak_preservation_of_barbs_and_closures(2)[where Rel="Rel" and CWB="CWB"] by blast next from simulation show "weak_barbed_simulation (Rel⇧*) CWB" using weak_reduction_simulation_and_closures(3)[where Rel="Rel" and Cal="Calculus CWB"] weak_preservation_of_barbs_and_closures(3)[where Rel="Rel" and CWB="CWB"] by blast qed text ‹In the case of a simulation weak preservation of barbs can be replaced by the weaker condition that whenever (P, Q) in the relation and P has a barb then Q have to be able to reach this barb.› abbreviation weak_barbed_preservation_cond :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ bool" where "weak_barbed_preservation_cond Rel 
CWB ≡ ∀P Q a. (P, Q) ∈ Rel ∧ P↓<CWB>a ⟶ Q⇓<CWB>a" lemma weak_preservation_of_barbs: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" assumes preservation: "rel_weakly_preserves_barbs Rel CWB" shows "weak_barbed_preservation_cond Rel CWB" proof clarify fix P Q a have "P ⟼(Calculus CWB)* P" by (simp add: steps_refl) moreover assume "P↓<CWB>a" ultimately have "P⇓<CWB>a" by blast moreover assume "(P, Q) ∈ Rel" ultimately show "Q⇓<CWB>a" using preservation by blast qed lemma simulation_impl_equality_of_preservation_of_barbs_conditions: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" assumes simulation: "weak_reduction_simulation Rel (Calculus CWB)" shows "rel_weakly_preserves_barbs Rel CWB = weak_barbed_preservation_cond Rel CWB" proof assume "rel_weakly_preserves_barbs Rel CWB" thus "weak_barbed_preservation_cond Rel CWB" using weak_preservation_of_barbs[where Rel="Rel" and CWB="CWB"] by blast next assume condition: "weak_barbed_preservation_cond Rel CWB" show "rel_weakly_preserves_barbs Rel CWB" proof clarify fix P Q a P' assume "(P, Q) ∈ Rel" and "P ⟼(Calculus CWB)* P'" with simulation obtain Q' where A1: "Q ⟼(Calculus CWB)* Q'" and A2: "(P', Q') ∈ Rel" by blast assume "P'↓<CWB>a" with A2 condition obtain Q'' where A3: "Q' ⟼(Calculus CWB)* Q''" and A4: "Q''↓<CWB>a" by blast from A1 A3 have "Q ⟼(Calculus CWB)* Q''" by (rule steps_add) with A4 show "Q⇓<CWB>a" by blast qed qed text ‹A strong reduction simulation is relation R such that for each pair (P, Q) in R and each step of P to some P' there exists some Q' such that there is a step of Q to Q' and (P', Q') in R.› abbreviation strong_reduction_simulation :: "('proc × 'proc) set ⇒ 'proc processCalculus ⇒ bool" where "strong_reduction_simulation Rel Cal ≡ ∀P Q P'. (P, Q) ∈ Rel ∧ P ⟼Cal P' ⟶ (∃Q'. 
Q ⟼Cal Q' ∧ (P', Q') ∈ Rel)" text ‹A strong barbed simulation is a strong reduction simulation that preserves barbs.› abbreviation strong_barbed_simulation :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ bool" where "strong_barbed_simulation Rel CWB ≡ strong_reduction_simulation Rel (Calculus CWB) ∧ rel_preserves_barbs Rel CWB" text ‹A strong simulation is also a weak simulation.› lemma strong_impl_weak_reduction_simulation: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" assumes simulation: "strong_reduction_simulation Rel Cal" shows "weak_reduction_simulation Rel Cal" proof clarify fix P Q P' assume A1: "(P, Q) ∈ Rel" assume "P ⟼Cal* P'" from this obtain n where "P ⟼Cal⇗n⇖ P'" by (auto simp add: steps_def) thus "∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel" proof (induct n arbitrary: P') case 0 assume "P ⟼Cal⇗0⇖ P'" hence "P = P'" by (simp add: steps_refl) moreover have "Q ⟼Cal* Q" by (rule steps_refl) ultimately show "∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel" using A1 by blast next case (Suc n P'') assume "P ⟼Cal⇗Suc n⇖ P''" from this obtain P' where A2: "P ⟼Cal⇗n⇖P'" and A3: "P' ⟼Cal P''" by auto assume "⋀P'. P ⟼Cal⇗n⇖ P' ⟹ ∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel" with A2 obtain Q' where A4: "Q ⟼Cal* Q'" and A5: "(P', Q') ∈ Rel" by blast from simulation A5 A3 obtain Q'' where A6: "Q' ⟼Cal Q''" and A7: "(P'', Q'') ∈ Rel" by blast from A4 A6 have "Q ⟼Cal* Q''" using steps_add[where P="Q" and Q="Q'" and R="Q''"] by (simp add: step_to_steps) with A7 show "∃Q'. 
Q ⟼Cal* Q' ∧ (P'', Q') ∈ Rel" by blast qed qed lemma strong_barbed_simulation_impl_weak_preservation_of_barbs: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" assumes simulation: "strong_barbed_simulation Rel CWB" shows "rel_weakly_preserves_barbs Rel CWB" proof clarify fix P Q a P' assume "(P, Q) ∈ Rel" and "P ⟼(Calculus CWB)* P'" with simulation obtain Q' where A1: "Q ⟼(Calculus CWB)* Q'" and A2: "(P', Q') ∈ Rel" using strong_impl_weak_reduction_simulation[where Rel="Rel" and Cal="Calculus CWB"] by blast assume "P'↓<CWB>a" with simulation A2 have "Q'↓<CWB>a" by blast with A1 show "Q⇓<CWB>a" by blast qed lemma strong_impl_weak_barbed_simulation: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" assumes simulation: "strong_barbed_simulation Rel CWB" shows "weak_barbed_simulation Rel CWB" using simulation strong_impl_weak_reduction_simulation[where Rel="Rel" and Cal="Calculus CWB"] strong_barbed_simulation_impl_weak_preservation_of_barbs[where Rel="Rel" and CWB="CWB"] by blast text ‹The reflexive and/or transitive closure of a strong simulation is a strong simulation.› lemma strong_reduction_simulation_and_closures: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" assumes simulation: "strong_reduction_simulation Rel Cal" shows "strong_reduction_simulation (Rel⇧=) Cal" and "strong_reduction_simulation (Rel⇧+) Cal" and "strong_reduction_simulation (Rel⇧*) Cal" proof - from simulation show A: "strong_reduction_simulation (Rel⇧=) Cal" by (auto simp add: refl, blast) have B: "⋀Rel. strong_reduction_simulation Rel Cal ⟹ strong_reduction_simulation (Rel⇧+) Cal" proof clarify fix Rel P Q P' assume B1: "strong_reduction_simulation Rel Cal" assume "(P, Q) ∈ Rel⇧+" and "P ⟼Cal P'" thus "∃Q'. Q ⟼Cal Q' ∧ (P', Q') ∈ Rel⇧+" proof (induct arbitrary: P') fix Q P' assume "(P, Q) ∈ Rel" and "P ⟼Cal P'" with B1 obtain Q' where "Q ⟼Cal Q'" and "(P', Q') ∈ Rel" by blast thus "∃Q'. 
Q ⟼Cal Q' ∧ (P', Q') ∈ Rel⇧+" by auto next case (step Q R P') assume "⋀P'. P ⟼Cal P' ⟹ (∃Q'. Q ⟼Cal Q' ∧ (P', Q') ∈ Rel⇧+)" and "P ⟼Cal P'" from this obtain Q' where B2: "Q ⟼Cal Q'" and B3: "(P', Q') ∈ Rel⇧+" by blast assume "(Q, R) ∈ Rel" with B1 B2 obtain R' where B4: "R ⟼Cal R'" and B5: "(Q', R') ∈ Rel⇧+" by blast from B3 B5 have "(P', R') ∈ Rel⇧+" by simp with B4 show "∃R'. R ⟼Cal R' ∧ (P', R') ∈ Rel⇧+" by blast qed qed with simulation show "strong_reduction_simulation (Rel⇧+) Cal" by blast from simulation A B[where Rel="Rel⇧="] show "strong_reduction_simulation (Rel⇧*) Cal" using trancl_reflcl[of Rel] by fast qed lemma strong_barbed_simulation_and_closures: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" assumes simulation: "strong_barbed_simulation Rel CWB" shows "strong_barbed_simulation (Rel⇧=) CWB" and "strong_barbed_simulation (Rel⇧+) CWB" and "strong_barbed_simulation (Rel⇧*) CWB" proof - from simulation show "strong_barbed_simulation (Rel⇧=) CWB" using strong_reduction_simulation_and_closures(1)[where Rel="Rel" and Cal="Calculus CWB"] preservation_of_barbs_and_closures(1)[where Rel="Rel" and CWB="CWB"] by blast next from simulation show "strong_barbed_simulation (Rel⇧+) CWB" using strong_reduction_simulation_and_closures(2)[where Rel="Rel" and Cal="Calculus CWB"] preservation_of_barbs_and_closures(2)[where Rel="Rel" and CWB="CWB"] by blast next from simulation show "strong_barbed_simulation (Rel⇧*) CWB" using strong_reduction_simulation_and_closures(3)[where Rel="Rel" and Cal="Calculus CWB"] preservation_of_barbs_and_closures(3)[where Rel="Rel" and CWB="CWB"] by blast qed subsection ‹Contrasimulation› text ‹A weak reduction contrasimulation is relation R such that if (P, Q) in R and P evolves to some P' then there exists some Q' such that Q evolves to Q' and (Q', P') in R.› abbreviation weak_reduction_contrasimulation :: "('proc × 'proc) set ⇒ 'proc processCalculus ⇒ bool" where "weak_reduction_contrasimulation Rel Cal 
≡ ∀P Q P'. (P, Q) ∈ Rel ∧ P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (Q', P') ∈ Rel)" text ‹A weak barbed contrasimulation is weak reduction contrasimulation that weakly preserves barbs.› abbreviation weak_barbed_contrasimulation :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ bool" where "weak_barbed_contrasimulation Rel CWB ≡ weak_reduction_contrasimulation Rel (Calculus CWB) ∧ rel_weakly_preserves_barbs Rel CWB" text ‹The reflexive and/or transitive closure of a weak contrasimulation is a weak contrasimulation.› lemma weak_reduction_contrasimulation_and_closures: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" assumes contrasimulation: "weak_reduction_contrasimulation Rel Cal" shows "weak_reduction_contrasimulation (Rel⇧=) Cal" and "weak_reduction_contrasimulation (Rel⇧+) Cal" and "weak_reduction_contrasimulation (Rel⇧*) Cal" proof - from contrasimulation show A: "weak_reduction_contrasimulation (Rel⇧=) Cal" by (auto simp add: refl, blast) have B: "⋀Rel. weak_reduction_contrasimulation Rel Cal ⟹ weak_reduction_contrasimulation (Rel⇧+) Cal" proof clarify fix Rel P Q P' assume B1: "weak_reduction_contrasimulation Rel Cal" assume "(P, Q) ∈ Rel⇧+" and "P ⟼Cal* P'" thus "∃Q'. Q ⟼Cal* Q' ∧ (Q', P') ∈ Rel⇧+" proof (induct arbitrary: P') fix Q P' assume "(P, Q) ∈ Rel" and "P ⟼Cal* P'" with B1 obtain Q' where "Q ⟼Cal* Q'" and "(Q', P') ∈ Rel" by blast thus "∃Q'. Q ⟼Cal* Q' ∧ (Q', P') ∈ Rel⇧+" by auto next case (step Q R P') assume "⋀P'. P ⟼Cal* P' ⟹ (∃Q'. Q ⟼Cal* Q' ∧ (Q', P') ∈ Rel⇧+)" and "P ⟼Cal* P'" from this obtain Q' where B2: "Q ⟼Cal* Q'" and B3: "(Q', P') ∈ Rel⇧+" by blast assume "(Q, R) ∈ Rel" with B1 B2 obtain R' where B4: "R ⟼Cal* R'" and B5: "(R', Q') ∈ Rel⇧+" by blast from B5 B3 have "(R', P') ∈ Rel⇧+" by simp with B4 show "∃R'. 
R ⟼Cal* R' ∧ (R', P') ∈ Rel⇧+" by blast qed qed with contrasimulation show "weak_reduction_contrasimulation (Rel⇧+) Cal" by blast from contrasimulation A B[where Rel="Rel⇧="] show "weak_reduction_contrasimulation (Rel⇧*) Cal" using trancl_reflcl[of Rel] by fast qed lemma weak_barbed_contrasimulation_and_closures: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" assumes contrasimulation: "weak_barbed_contrasimulation Rel CWB" shows "weak_barbed_contrasimulation (Rel⇧=) CWB" and "weak_barbed_contrasimulation (Rel⇧+) CWB" and "weak_barbed_contrasimulation (Rel⇧*) CWB" proof - from contrasimulation show "weak_barbed_contrasimulation (Rel⇧=) CWB" using weak_reduction_contrasimulation_and_closures(1)[where Rel="Rel" and Cal="Calculus CWB"] weak_preservation_of_barbs_and_closures(1)[where Rel="Rel" and CWB="CWB"] by blast next from contrasimulation show "weak_barbed_contrasimulation (Rel⇧+) CWB" using weak_reduction_contrasimulation_and_closures(2)[where Rel="Rel" and Cal="Calculus CWB"] weak_preservation_of_barbs_and_closures(2)[where Rel="Rel" and CWB="CWB"] by blast next from contrasimulation show "weak_barbed_contrasimulation (Rel⇧*) CWB" using weak_reduction_contrasimulation_and_closures(3)[where Rel="Rel" and Cal="Calculus CWB"] weak_preservation_of_barbs_and_closures(3)[where Rel="Rel" and CWB="CWB"] by blast qed subsection ‹Coupled Simulation› text ‹A weak reduction coupled simulation is a relation R such that if (P, Q) in R and P evolves to some P' then there exists some Q' such that Q evolves to Q' and (P', Q') in R and there exists some Q' such that Q evolves to Q' and (Q', P') in R.› abbreviation weak_reduction_coupled_simulation :: "('proc × 'proc) set ⇒ 'proc processCalculus ⇒ bool" where "weak_reduction_coupled_simulation Rel Cal ≡ ∀P Q P'. (P, Q) ∈ Rel ∧ P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel) ∧ (∃Q'. 
Q ⟼Cal* Q' ∧ (Q', P') ∈ Rel)" text ‹A weak barbed coupled simulation is a weak reduction coupled simulation that weakly preserves barbs.› abbreviation weak_barbed_coupled_simulation :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ bool" where "weak_barbed_coupled_simulation Rel CWB ≡ weak_reduction_coupled_simulation Rel (Calculus CWB) ∧ rel_weakly_preserves_barbs Rel CWB" text ‹A weak coupled simulation combines the conditions on a weak simulation and a weak contrasimulation.› lemma weak_reduction_coupled_simulation_versus_simulation_and_contrasimulation: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" shows "weak_reduction_coupled_simulation Rel Cal = (weak_reduction_simulation Rel Cal ∧ weak_reduction_contrasimulation Rel Cal)" by blast lemma weak_barbed_coupled_simulation_versus_simulation_and_contrasimulation: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" shows "weak_barbed_coupled_simulation Rel CWB = (weak_barbed_simulation Rel CWB ∧ weak_barbed_contrasimulation Rel CWB)" by blast text ‹The reflexive and/or transitive closure of a weak coupled simulation is a weak coupled simulation.› lemma weak_reduction_coupled_simulation_and_closures: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" assumes coupledSimulation: "weak_reduction_coupled_simulation Rel Cal" shows "weak_reduction_coupled_simulation (Rel⇧=) Cal" and "weak_reduction_coupled_simulation (Rel⇧+) Cal" and "weak_reduction_coupled_simulation (Rel⇧*) Cal" using weak_reduction_simulation_and_closures[where Rel="Rel" and Cal="Cal"] weak_reduction_contrasimulation_and_closures[where Rel="Rel" and Cal="Cal"] weak_reduction_coupled_simulation_versus_simulation_and_contrasimulation[where Rel="Rel" and Cal="Cal"] coupledSimulation by auto lemma weak_barbed_coupled_simulation_and_closures: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" assumes coupledSimulation: 
"weak_barbed_coupled_simulation Rel CWB" shows "weak_barbed_coupled_simulation (Rel⇧=) CWB" and "weak_barbed_coupled_simulation (Rel⇧+) CWB" and "weak_barbed_coupled_simulation (Rel⇧*) CWB" proof - from coupledSimulation show "weak_barbed_coupled_simulation (Rel⇧=) CWB" using weak_reduction_coupled_simulation_and_closures(1)[where Rel="Rel" and Cal="Calculus CWB"] weak_preservation_of_barbs_and_closures(1)[where Rel="Rel" and CWB="CWB"] by blast next from coupledSimulation show "weak_barbed_coupled_simulation (Rel⇧+) CWB" using weak_reduction_coupled_simulation_and_closures(2)[where Rel="Rel" and Cal="Calculus CWB"] weak_preservation_of_barbs_and_closures(2)[where Rel="Rel" and CWB="CWB"] by blast next from coupledSimulation show "weak_barbed_coupled_simulation (Rel⇧*) CWB" using weak_reduction_coupled_simulation_and_closures(3)[where Rel="Rel" and Cal="Calculus CWB"] weak_preservation_of_barbs_and_closures(3)[where Rel="Rel" and CWB="CWB"] by blast qed subsection ‹Correspondence Simulation› text ‹A weak reduction correspondence simulation is a relation R such that (1) if (P, Q) in R and P evolves to some P' then there exists some Q' such that Q evolves to Q' and (P', Q') in R, and (2) if (P, Q) in R and Q evolves to some Q' then there exist some P'' and Q'' such that P evolves to P'' and Q' evolves to Q'' and (P'', Q'') in R.› abbreviation weak_reduction_correspondence_simulation :: "('proc × 'proc) set ⇒ 'proc processCalculus ⇒ bool" where "weak_reduction_correspondence_simulation Rel Cal ≡ (∀P Q P'. (P, Q) ∈ Rel ∧ P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel)) ∧ (∀P Q Q'. (P, Q) ∈ Rel ∧ Q ⟼Cal* Q' ⟶ (∃P'' Q''. 
P ⟼Cal* P'' ∧ Q' ⟼Cal* Q'' ∧ (P'', Q'') ∈ Rel))" text ‹A weak barbed correspondence simulation is weak reduction correspondence simulation that weakly respects barbs.› abbreviation weak_barbed_correspondence_simulation :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ bool" where "weak_barbed_correspondence_simulation Rel CWB ≡ weak_reduction_correspondence_simulation Rel (Calculus CWB) ∧ rel_weakly_respects_barbs Rel CWB" text ‹For each weak correspondence simulation R there exists a weak coupled simulation that contains all pairs of R in both directions.› inductive_set cSim_cs :: "('proc × 'proc) set ⇒ 'proc processCalculus ⇒ ('proc × 'proc) set" for Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" where left: "⟦Q ⟼Cal* Q'; (P', Q') ∈ Rel⟧ ⟹ (P', Q) ∈ cSim_cs Rel Cal" | right: "⟦P ⟼Cal* P'; (Q, P) ∈ Rel⟧ ⟹ (P', Q) ∈ cSim_cs Rel Cal" | trans: "⟦(P, Q) ∈ cSim_cs Rel Cal; (Q, R) ∈ cSim_cs Rel Cal⟧ ⟹ (P, R) ∈ cSim_cs Rel Cal" lemma weak_reduction_correspondence_simulation_impl_coupled_simulation: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" assumes corrSim: "weak_reduction_correspondence_simulation Rel Cal" shows "weak_reduction_coupled_simulation (cSim_cs Rel Cal) Cal" and "∀P Q. (P, Q) ∈ Rel ⟶ (P, Q) ∈ cSim_cs Rel Cal ∧ (Q, P) ∈ cSim_cs Rel Cal" proof - show "weak_reduction_coupled_simulation (cSim_cs Rel Cal) Cal" proof (rule allI, rule allI, rule allI, rule impI, erule conjE) fix P Q P' assume "(P, Q) ∈ cSim_cs Rel Cal" and "P ⟼Cal* P'" thus "(∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ cSim_cs Rel Cal) ∧ (∃Q'. 
Q ⟼Cal* Q' ∧ (Q', P') ∈ cSim_cs Rel Cal)" proof (induct arbitrary: P') case (left Q Q' P) assume "(P, Q') ∈ Rel" and "P ⟼Cal* P'" with corrSim obtain Q'' where A1: "Q' ⟼Cal* Q''" and A2: "(P', Q'') ∈ Rel" by blast assume A3: "Q ⟼Cal* Q'" from this A1 have A4: "Q ⟼Cal* Q''" by (rule steps_add[where P="Q" and Q="Q'" and R="Q''"]) have "Q'' ⟼Cal* Q''" by (rule steps_refl) with A2 have A5: "(Q'', P') ∈ cSim_cs Rel Cal" by (simp add: cSim_cs.right) from A1 A2 have "(P', Q') ∈ cSim_cs Rel Cal" by (rule cSim_cs.left) with A4 A5 A3 show ?case by blast next case (right P P' Q P'') assume "P ⟼Cal* P'" and "P' ⟼Cal* P''" hence B1: "P ⟼Cal* P''" by (rule steps_add[where P="P" and Q="P'" and R="P''"]) assume B2: "(Q, P) ∈ Rel" with corrSim B1 obtain Q''' P''' where B3: "Q ⟼Cal* Q'''" and B4: "P'' ⟼Cal* P'''" and B5: "(Q''', P''') ∈ Rel" by blast from B4 B5 have B6: "(Q''', P'') ∈ cSim_cs Rel Cal" by (rule cSim_cs.left) have B7: "Q ⟼Cal* Q" by (rule steps_refl) from B1 B2 have "(P'', Q) ∈ cSim_cs Rel Cal" by (rule cSim_cs.right) with B3 B6 B7 show ?case by blast next case (trans P Q R P') assume "P ⟼Cal* P'" and "⋀P'. P ⟼Cal* P' ⟹ (∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ cSim_cs Rel Cal) ∧ (∃Q'. Q ⟼Cal* Q' ∧ (Q', P') ∈ cSim_cs Rel Cal)" from this obtain Q1 Q2 where C1: "Q ⟼Cal* Q1" and C2: "(Q1, P') ∈ cSim_cs Rel Cal" and C3: "Q ⟼Cal* Q2" and C4: "(P', Q2) ∈ cSim_cs Rel Cal" by blast assume C5: "⋀Q'. Q ⟼Cal* Q' ⟹ (∃R'. R ⟼Cal* R' ∧ (Q', R') ∈ cSim_cs Rel Cal) ∧ (∃R'. R ⟼Cal* R' ∧ (R', Q') ∈ cSim_cs Rel Cal)" with C1 obtain R1 where C6: "R ⟼Cal* R1" and C7: "(R1, Q1) ∈ cSim_cs Rel Cal" by blast from C7 C2 have C8: "(R1, P') ∈ cSim_cs Rel Cal" by (rule cSim_cs.trans) from C3 C5 obtain R2 where C9: "R ⟼Cal* R2" and C10: "(Q2, R2) ∈ cSim_cs Rel Cal" by blast from C4 C10 have "(P', R2) ∈ cSim_cs Rel Cal" by (rule cSim_cs.trans) with C6 C8 C9 show ?case by blast qed qed next show "∀P Q. 
(P, Q) ∈ Rel ⟶ (P, Q) ∈ cSim_cs Rel Cal ∧ (Q, P) ∈ cSim_cs Rel Cal" proof clarify fix P Q have "Q ⟼Cal* Q" by (rule steps_refl) moreover assume "(P, Q) ∈ Rel" ultimately show "(P, Q) ∈ cSim_cs Rel Cal ∧ (Q, P) ∈ cSim_cs Rel Cal" by (simp add: cSim_cs.left cSim_cs.right) qed qed lemma weak_barbed_correspondence_simulation_impl_coupled_simulation: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" assumes corrSim: "weak_barbed_correspondence_simulation Rel CWB" shows "weak_barbed_coupled_simulation (cSim_cs Rel (Calculus CWB)) CWB" and "∀P Q. (P, Q) ∈ Rel ⟶ (P, Q) ∈ cSim_cs Rel (Calculus CWB) ∧ (Q, P) ∈ cSim_cs Rel (Calculus CWB)" proof - show "weak_barbed_coupled_simulation (cSim_cs Rel (Calculus CWB)) CWB" proof from corrSim show "weak_reduction_coupled_simulation (cSim_cs Rel (Calculus CWB)) (Calculus CWB)" using weak_reduction_correspondence_simulation_impl_coupled_simulation(1)[where Rel="Rel" and Cal="Calculus CWB"] by blast next show "rel_weakly_preserves_barbs (cSim_cs Rel (Calculus CWB)) CWB" proof clarify fix P Q a P' assume "(P, Q) ∈ cSim_cs Rel (Calculus CWB)" and "P ⟼(Calculus CWB)* P'" and "P'↓<CWB>a" thus "Q⇓<CWB>a" proof (induct arbitrary: P') case (left Q Q' P P') assume "(P, Q') ∈ Rel" and "P ⟼(Calculus CWB)* P'" and "P'↓<CWB>a" with corrSim obtain Q'' where A1: "Q' ⟼(Calculus CWB)* Q''" and A2: "Q''↓<CWB>a" by blast assume "Q ⟼(Calculus CWB)* Q'" from this A1 have "Q ⟼(Calculus CWB)* Q''" by (rule steps_add) with A2 show "Q⇓<CWB>a" by blast next case (right P P' Q P'') assume "(Q, P) ∈ Rel" moreover assume "P ⟼(Calculus CWB)* P'" and "P' ⟼(Calculus CWB)* P''" hence "P ⟼(Calculus CWB)* P''" by (rule steps_add) moreover assume "P''↓<CWB>a" ultimately show "Q⇓<CWB>a" using corrSim by blast next case (trans P Q R P') assume "⋀P'. P ⟼(Calculus CWB)* P' ⟹ P'↓<CWB>a ⟹ Q⇓<CWB>a" and "P ⟼(Calculus CWB)* P'" and "P'↓<CWB>a" and "⋀Q'. 
Q ⟼(Calculus CWB)* Q' ⟹ Q'↓<CWB>a ⟹ R⇓<CWB>a" thus "R⇓<CWB>a" by blast qed qed qed next from corrSim show "∀P Q. (P, Q) ∈ Rel ⟶ (P, Q) ∈ cSim_cs Rel (Calculus CWB) ∧ (Q, P) ∈ cSim_cs Rel (Calculus CWB)" using weak_reduction_correspondence_simulation_impl_coupled_simulation(2)[where Rel="Rel" and Cal="Calculus CWB"] by blast qed lemma reduction_correspondence_simulation_condition_trans: fixes Cal :: "'proc processCalculus" and P Q R :: "'proc" and Rel :: "('proc × 'proc) set" assumes A1: "∀Q'. Q ⟼Cal* Q' ⟶ (∃P'' Q''. P ⟼Cal* P'' ∧ Q' ⟼Cal* Q'' ∧ (P'', Q'') ∈ Rel)" and A2: "∀R'. R ⟼Cal* R' ⟶ (∃Q'' R''. Q ⟼Cal* Q'' ∧ R' ⟼Cal* R'' ∧ (Q'', R'') ∈ Rel)" and A3: "weak_reduction_simulation Rel Cal" and A4: "trans Rel" shows "∀R'. R ⟼Cal* R' ⟶ (∃P'' R''. P ⟼Cal* P'' ∧ R' ⟼Cal* R'' ∧ (P'', R'') ∈ Rel)" proof clarify fix R' assume "R ⟼Cal* R'" with A2 obtain Q'' R'' where A5: "Q ⟼Cal* Q''" and A6: "R' ⟼Cal* R''" and A7: "(Q'', R'') ∈ Rel" by blast from A1 A5 obtain P''' Q''' where A8: "P ⟼Cal* P'''" and A9: "Q'' ⟼Cal* Q'''" and A10: "(P''', Q''') ∈ Rel" by blast from A3 A7 A9 obtain R''' where A11: "R'' ⟼Cal* R'''" and A12: "(Q''', R''') ∈ Rel" by blast from A6 A11 have A13: "R' ⟼Cal* R'''" by (rule steps_add[where P="R'" and Q="R''" and R="R'''"]) from A4 A10 A12 have "(P''', R''') ∈ Rel" unfolding trans_def by blast with A8 A13 show "∃P'' R''. 
P ⟼Cal* P'' ∧ R' ⟼Cal* R'' ∧ (P'', R'') ∈ Rel" by blast qed text ‹The reflexive and/or transitive closure of a weak correspondence simulation is a weak correspondence simulation.› lemma weak_reduction_correspondence_simulation_and_closures: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" assumes corrSim: "weak_reduction_correspondence_simulation Rel Cal" shows "weak_reduction_correspondence_simulation (Rel⇧=) Cal" and "weak_reduction_correspondence_simulation (Rel⇧+) Cal" and "weak_reduction_correspondence_simulation (Rel⇧*) Cal" proof - show A: "weak_reduction_correspondence_simulation (Rel⇧=) Cal" proof from corrSim show "weak_reduction_simulation (Rel⇧=) Cal" using weak_reduction_simulation_and_closures(1)[where Rel="Rel" and Cal="Cal"] by blast next show "∀P Q Q'. (P, Q) ∈ Rel⇧= ∧ Q ⟼Cal* Q' ⟶ (∃P'' Q''. P ⟼Cal* P'' ∧ Q' ⟼Cal* Q'' ∧ (P'', Q'') ∈ Rel⇧=)" proof clarify fix P Q Q' assume "(P, Q) ∈ Rel⇧=" and A1: "Q ⟼Cal* Q'" moreover have "P = Q ⟹ ∃P'' Q''. P ⟼Cal* P'' ∧ Q' ⟼Cal* Q'' ∧ (P'', Q'') ∈ Rel⇧=" proof - assume "P = Q" moreover have "Q' ⟼Cal* Q'" by (rule steps_refl) ultimately show "∃P'' Q''. P ⟼Cal* P'' ∧ Q' ⟼Cal* Q'' ∧ (P'', Q'') ∈ Rel⇧=" using A1 refl by blast qed moreover have "(P, Q) ∈ Rel ⟹ ∃P'' Q''. P ⟼Cal* P'' ∧ Q' ⟼Cal* Q'' ∧ (P'', Q'') ∈ Rel⇧=" proof - assume "(P, Q) ∈ Rel" with corrSim A1 obtain P'' Q'' where "P ⟼Cal* P''" and "Q' ⟼Cal* Q''" and "(P'', Q'') ∈ Rel" by blast thus "∃P'' Q''. P ⟼Cal* P'' ∧ Q' ⟼Cal* Q'' ∧ (P'', Q'') ∈ Rel⇧=" by auto qed ultimately show "∃P'' Q''. P ⟼Cal* P'' ∧ Q' ⟼Cal* Q'' ∧ (P'', Q'') ∈ Rel⇧=" by auto qed qed have B: "⋀Rel. 
weak_reduction_correspondence_simulation Rel Cal ⟹ weak_reduction_correspondence_simulation (Rel⇧+) Cal" proof fix Rel assume "weak_reduction_correspondence_simulation Rel Cal" thus "weak_reduction_simulation (Rel⇧+) Cal" using weak_reduction_simulation_and_closures(2)[where Rel="Rel" and Cal="Cal"] by blast next fix Rel assume B1: "weak_reduction_correspondence_simulation Rel Cal" show "∀P Q Q'. (P, Q) ∈ Rel⇧+ ∧ Q ⟼Cal* Q' ⟶ (∃P'' Q''. P ⟼Cal* P'' ∧ Q' ⟼Cal* Q'' ∧ (P'', Q'') ∈ Rel⇧+)" proof clarify fix P Q Q' assume "(P, Q) ∈ Rel⇧+" and "Q ⟼Cal* Q'" thus "∃P'' Q''. P ⟼Cal* P'' ∧ Q' ⟼Cal* Q'' ∧ (P'', Q'') ∈ Rel⇧+" proof (induct arbitrary: Q') fix Q Q' assume "(P, Q) ∈ Rel" and "Q ⟼Cal* Q'" with B1 obtain P'' Q'' where B2: "P ⟼Cal* P''" and B3: "Q' ⟼Cal* Q''" and B4: "(P'', Q'') ∈ Rel" by blast from B4 have "(P'', Q'') ∈ Rel⇧+" by simp with B2 B3 show "∃P'' Q''. P ⟼Cal* P'' ∧ Q' ⟼Cal* Q'' ∧ (P'', Q'') ∈ Rel⇧+" by blast next case (step Q R R') assume "⋀Q'. Q ⟼Cal* Q' ⟹ ∃P'' Q''. P ⟼Cal* P'' ∧ Q' ⟼Cal* Q'' ∧ (P'', Q'') ∈ Rel⇧+" moreover assume "(Q, R) ∈ Rel" with B1 have "⋀R'. R ⟼Cal* R' ⟹ ∃Q'' R''. Q ⟼Cal* Q'' ∧ R' ⟼Cal* R'' ∧ (Q'', R'') ∈ Rel⇧+" by blast moreover from B1 have "weak_reduction_simulation (Rel⇧+) Cal" using weak_reduction_simulation_and_closures(2)[where Rel="Rel" and Cal="Cal"] by blast moreover have "trans (Rel⇧+)" using trans_trancl[of Rel] by blast moreover assume "R ⟼Cal* R'" ultimately show "∃P'' R''. 
P ⟼Cal* P'' ∧ R' ⟼Cal* R'' ∧ (P'', R'') ∈ Rel⇧+" using reduction_correspondence_simulation_condition_trans[where Rel="Rel⇧+"] by blast qed qed qed from corrSim B[where Rel="Rel"] show "weak_reduction_correspondence_simulation (Rel⇧+) Cal" by blast from A B[where Rel="Rel⇧="] show "weak_reduction_correspondence_simulation (Rel⇧*) Cal" using trancl_reflcl[of Rel] by auto qed lemma weak_barbed_correspondence_simulation_and_closures: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" assumes corrSim: "weak_barbed_correspondence_simulation Rel CWB" shows "weak_barbed_correspondence_simulation (Rel⇧=) CWB" and "weak_barbed_correspondence_simulation (Rel⇧+) CWB" and "weak_barbed_correspondence_simulation (Rel⇧*) CWB" proof - from corrSim show "weak_barbed_correspondence_simulation (Rel⇧=) CWB" using weak_reduction_correspondence_simulation_and_closures(1)[where Rel="Rel" and Cal="Calculus CWB"] weak_respection_of_barbs_and_closures(1)[where Rel="Rel" and CWB="CWB"] by fast next from corrSim show "weak_barbed_correspondence_simulation (Rel⇧+) CWB" using weak_reduction_correspondence_simulation_and_closures(2)[where Rel="Rel" and Cal="Calculus CWB"] weak_respection_of_barbs_and_closures(3)[where Rel="Rel" and CWB="CWB"] by blast next from corrSim show "weak_barbed_correspondence_simulation (Rel⇧*) CWB" using weak_reduction_correspondence_simulation_and_closures(3)[where Rel="Rel" and Cal="Calculus CWB"] weak_respection_of_barbs_and_closures(5)[where Rel="Rel" and CWB="CWB"] by blast qed subsection ‹Bisimulation› text ‹A weak reduction bisimulation is relation R such that (1) if (P, Q) in R and P evolves to some P' then there exists some Q' such that Q evolves to Q' and (P', Q') in R, and (2) if (P, Q) in R and Q evolves to some Q' then there exists some P' such that P evolves to P' and (P', Q') in R.› abbreviation weak_reduction_bisimulation :: "('proc × 'proc) set ⇒ 'proc processCalculus ⇒ bool" where "weak_reduction_bisimulation Rel Cal ≡ 
(∀P Q P'. (P, Q) ∈ Rel ∧ P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel)) ∧ (∀P Q Q'. (P, Q) ∈ Rel ∧ Q ⟼Cal* Q' ⟶ (∃P'. P ⟼Cal* P' ∧ (P', Q') ∈ Rel))" text ‹A weak barbed bisimulation is a weak reduction bisimulation that weakly respects barbs.› abbreviation weak_barbed_bisimulation :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ bool" where "weak_barbed_bisimulation Rel CWB ≡ weak_reduction_bisimulation Rel (Calculus CWB) ∧ rel_weakly_respects_barbs Rel CWB" text ‹A symmetric weak simulation is a weak bisimulation.› lemma symm_weak_reduction_simulation_is_bisimulation: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" assumes "sym Rel" and "weak_reduction_simulation Rel Cal" shows "weak_reduction_bisimulation Rel Cal" using assms symD[of Rel] by blast lemma symm_weak_barbed_simulation_is_bisimulation: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" assumes "sym Rel" and "weak_barbed_simulation Rel Cal" shows "weak_barbed_bisimulation Rel Cal" using assms symD[of Rel] by blast text ‹If a relation as well as its inverse are weak simulations, then this relation is a weak bisimulation.› lemma weak_reduction_simulations_impl_bisimulation: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" assumes sim: "weak_reduction_simulation Rel Cal" and simInv: "weak_reduction_simulation (Rel¯) Cal" shows "weak_reduction_bisimulation Rel Cal" proof auto fix P Q P' assume "(P, Q) ∈ Rel" and "P ⟼Cal* P'" with sim show "∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel" by simp next fix P Q Q' assume "(P, Q) ∈ Rel" hence "(Q, P) ∈ Rel¯" by simp moreover assume "Q ⟼Cal* Q'" ultimately obtain P' where A1: "P ⟼Cal* P'" and A2: "(Q', P') ∈ Rel¯" using simInv by blast from A2 have "(P', Q') ∈ Rel" by induct with A1 show "∃P'. 
P ⟼Cal* P' ∧ (P', Q') ∈ Rel" by blast qed lemma weak_reduction_bisimulations_impl_inverse_is_simulation: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" assumes bisim: "weak_reduction_bisimulation Rel Cal" shows "weak_reduction_simulation (Rel¯) Cal" proof clarify fix P Q P' assume "(Q, P) ∈ Rel" moreover assume "P ⟼Cal* P'" ultimately obtain Q' where A1: "Q ⟼Cal* Q'" and A2: "(Q', P') ∈ Rel" using bisim by blast from A2 have "(P', Q') ∈ Rel¯" by simp with A1 show "∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel¯" by blast qed lemma weak_reduction_simulations_iff_bisimulation: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" shows "(weak_reduction_simulation Rel Cal ∧ weak_reduction_simulation (Rel¯) Cal) = weak_reduction_bisimulation Rel Cal" using weak_reduction_simulations_impl_bisimulation[where Rel="Rel" and Cal="Cal"] weak_reduction_bisimulations_impl_inverse_is_simulation[where Rel="Rel" and Cal="Cal"] by blast lemma weak_barbed_simulations_iff_bisimulation: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" shows "(weak_barbed_simulation Rel CWB ∧ weak_barbed_simulation (Rel¯) CWB) = weak_barbed_bisimulation Rel CWB" proof (rule iffI, erule conjE) assume sim: "weak_barbed_simulation Rel CWB" and rev: "weak_barbed_simulation (Rel¯) CWB" hence "weak_reduction_bisimulation Rel (Calculus CWB)" using weak_reduction_simulations_impl_bisimulation[where Rel="Rel" and Cal="Calculus CWB"] by blast moreover from sim have "rel_weakly_preserves_barbs Rel CWB" by simp moreover from rev have "rel_weakly_reflects_barbs Rel CWB" by simp ultimately show "weak_barbed_bisimulation Rel CWB" by blast next assume bisim: "weak_barbed_bisimulation Rel CWB" hence "weak_barbed_simulation Rel CWB" by blast moreover from bisim have "weak_reduction_simulation (Rel¯) (Calculus CWB)" using weak_reduction_bisimulations_impl_inverse_is_simulation[where Rel="Rel"] by simp moreover from bisim have "rel_weakly_reflects_barbs Rel CWB" 
by blast hence "rel_weakly_preserves_barbs (Rel¯) CWB" by simp ultimately show "weak_barbed_simulation Rel CWB ∧ weak_barbed_simulation (Rel¯) CWB" by blast qed text ‹A weak bisimulation is a weak correspondence simulation.› lemma weak_reduction_bisimulation_is_correspondence_simulation: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" assumes bisim: "weak_reduction_bisimulation Rel Cal" shows "weak_reduction_correspondence_simulation Rel Cal" proof from bisim show "weak_reduction_simulation Rel Cal" by blast next show "∀P Q Q'. (P, Q) ∈ Rel ∧ Q ⟼Cal* Q' ⟶ (∃P'' Q''. P ⟼Cal* P'' ∧ Q' ⟼Cal* Q'' ∧ (P'', Q'') ∈ Rel)" proof clarify fix P Q Q' assume "(P, Q) ∈ Rel" and "Q ⟼Cal* Q'" with bisim obtain P' where "P ⟼Cal* P'" and "(P', Q') ∈ Rel" by blast moreover have "Q' ⟼Cal* Q'" by (rule steps_refl) ultimately show "(∃P'' Q''. P ⟼Cal* P'' ∧ Q' ⟼Cal* Q'' ∧ (P'', Q'') ∈ Rel)" by blast qed qed lemma weak_barbed_bisimulation_is_correspondence_simulation: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" assumes bisim: "weak_barbed_bisimulation Rel CWB" shows "weak_barbed_correspondence_simulation Rel CWB" using bisim weak_reduction_bisimulation_is_correspondence_simulation[where Rel="Rel" and Cal="Calculus CWB"] by blast text ‹The reflexive, symmetric, and/or transitive closure of a weak bisimulation is a weak bisimulation.› lemma weak_reduction_bisimulation_and_closures: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" assumes bisim: "weak_reduction_bisimulation Rel Cal" shows "weak_reduction_bisimulation (Rel⇧=) Cal" and "weak_reduction_bisimulation (symcl Rel) Cal" and "weak_reduction_bisimulation (Rel⇧+) Cal" and "weak_reduction_bisimulation (symcl (Rel⇧=)) Cal" and "weak_reduction_bisimulation (Rel⇧*) Cal" and "weak_reduction_bisimulation ((symcl (Rel⇧=))⇧+) Cal" proof - from bisim show A: "weak_reduction_bisimulation (Rel⇧=) Cal" by (auto simp add: refl, blast+) have B: "⋀Rel. 
weak_reduction_bisimulation Rel Cal ⟹ weak_reduction_bisimulation (symcl Rel) Cal" by (auto simp add: symcl_def, blast+) from bisim B[where Rel="Rel"] show "weak_reduction_bisimulation (symcl Rel) Cal" by blast have C: "⋀Rel. weak_reduction_bisimulation Rel Cal ⟹ weak_reduction_bisimulation (Rel⇧+) Cal" proof fix Rel assume "weak_reduction_bisimulation Rel Cal" thus "weak_reduction_simulation (Rel⇧+) Cal" using weak_reduction_simulation_and_closures(2)[where Rel="Rel" and Cal="Cal"] by blast next fix Rel assume C1: "weak_reduction_bisimulation Rel Cal" show "∀P Q Q'. (P, Q) ∈ Rel⇧+ ∧ Q ⟼Cal* Q' ⟶ (∃P'. P ⟼Cal* P' ∧ (P', Q') ∈ Rel⇧+)" proof clarify fix P Q Q' assume "(P, Q) ∈ Rel⇧+" and "Q ⟼Cal* Q'" thus "∃P'. P ⟼Cal* P' ∧ (P', Q') ∈ Rel⇧+" proof (induct arbitrary: Q') fix Q Q' assume "(P, Q) ∈ Rel" and "Q ⟼Cal* Q'" with C1 obtain P' where "P ⟼Cal* P'" and "(P', Q') ∈ Rel" by blast thus "∃P'. P ⟼Cal* P' ∧ (P', Q') ∈ Rel⇧+" by auto next case (step Q R R') assume "(Q, R) ∈ Rel" and "R ⟼Cal* R'" with C1 obtain Q' where C2: "Q ⟼Cal* Q'" and C3: "(Q', R') ∈ Rel⇧+" by blast assume "⋀Q'. Q ⟼Cal* Q' ⟹ ∃P'. P ⟼Cal* P' ∧ (P', Q') ∈ Rel⇧+" with C2 obtain P' where C4: "P ⟼Cal* P'" and C5: "(P', Q') ∈ Rel⇧+" by blast from C5 C3 have "(P', R') ∈ Rel⇧+" by simp with C4 show "∃P'. 
P ⟼Cal* P' ∧ (P', R') ∈ Rel⇧+" by blast qed qed qed from bisim C[where Rel="Rel"] show "weak_reduction_bisimulation (Rel⇧+) Cal" by blast from A B[where Rel="Rel⇧="] show "weak_reduction_bisimulation (symcl (Rel⇧=)) Cal" by blast from A C[where Rel="Rel⇧="] show "weak_reduction_bisimulation (Rel⇧*) Cal" using trancl_reflcl[of Rel] by auto from A B[where Rel="Rel⇧="] C[where Rel="symcl (Rel⇧=)"] show "weak_reduction_bisimulation ((symcl (Rel⇧=))⇧+) Cal" by blast qed lemma weak_barbed_bisimulation_and_closures: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" assumes bisim: "weak_barbed_bisimulation Rel CWB" shows "weak_barbed_bisimulation (Rel⇧=) CWB" and "weak_barbed_bisimulation (symcl Rel) CWB" and "weak_barbed_bisimulation (Rel⇧+) CWB" and "weak_barbed_bisimulation (symcl (Rel⇧=)) CWB" and "weak_barbed_bisimulation (Rel⇧*) CWB" and "weak_barbed_bisimulation ((symcl (Rel⇧=))⇧+) CWB" proof - from bisim show "weak_barbed_bisimulation (Rel⇧=) CWB" using weak_reduction_bisimulation_and_closures(1)[where Rel="Rel" and Cal="Calculus CWB"] weak_respection_of_barbs_and_closures(1)[where Rel="Rel" and CWB="CWB"] by fast next from bisim show "weak_barbed_bisimulation (symcl Rel) CWB" using weak_reduction_bisimulation_and_closures(2)[where Rel="Rel" and Cal="Calculus CWB"] weak_respection_of_barbs_and_closures(2)[where Rel="Rel" and CWB="CWB"] by blast next from bisim show "weak_barbed_bisimulation (Rel⇧+) CWB" using weak_reduction_bisimulation_and_closures(3)[where Rel="Rel" and Cal="Calculus CWB"] weak_respection_of_barbs_and_closures(3)[where Rel="Rel" and CWB="CWB"] by blast next from bisim show "weak_barbed_bisimulation (symcl (Rel⇧=)) CWB" using weak_reduction_bisimulation_and_closures(4)[where Rel="Rel" and Cal="Calculus CWB"] weak_respection_of_barbs_and_closures(4)[where Rel="Rel" and CWB="CWB"] by blast next from bisim show "weak_barbed_bisimulation (Rel⇧*) CWB" using weak_reduction_bisimulation_and_closures(5)[where Rel="Rel" and 
Cal="Calculus CWB"] weak_respection_of_barbs_and_closures(5)[where Rel="Rel" and CWB="CWB"]
    by blast
next
  from bisim show "weak_barbed_bisimulation ((symcl (Rel⇧=))⇧+) CWB"
    using weak_reduction_bisimulation_and_closures(6)[where Rel="Rel" and Cal="Calculus CWB"]
          weak_respection_of_barbs_and_closures(6)[where Rel="Rel" and CWB="CWB"]
    by blast
qed

text ‹A strong reduction bisimulation is a relation R such that (1) if (P, Q) is in R and P' is a derivative of P, then there exists some Q' such that Q' is a derivative of Q and (P', Q') is in R, and (2) if (P, Q) is in R and Q' is a derivative of Q, then there exists some P' such that P' is a derivative of P and (P', Q') is in R. Both conditions refer to single reduction steps.›

abbreviation strong_reduction_bisimulation
    :: "('proc × 'proc) set ⇒ 'proc processCalculus ⇒ bool"
  where
  "strong_reduction_bisimulation Rel Cal ≡
   (∀P Q P'. (P, Q) ∈ Rel ∧ P ⟼Cal P' ⟶ (∃Q'. Q ⟼Cal Q' ∧ (P', Q') ∈ Rel))
   ∧ (∀P Q Q'. (P, Q) ∈ Rel ∧ Q ⟼Cal Q' ⟶ (∃P'. P ⟼Cal P' ∧ (P', Q') ∈ Rel))"

text ‹A strong barbed bisimulation is a strong reduction bisimulation that respects barbs.›

abbreviation strong_barbed_bisimulation
    :: "('proc × 'proc) set ⇒ ('proc, 'barbs) calculusWithBarbs ⇒ bool"
  where
  "strong_barbed_bisimulation Rel CWB ≡
   strong_reduction_bisimulation Rel (Calculus CWB) ∧ rel_respects_barbs Rel CWB"

text ‹A symmetric strong simulation is a strong bisimulation.›

lemma symm_strong_reduction_simulation_is_bisimulation:
  fixes Rel :: "('proc × 'proc) set"
    and Cal :: "'proc processCalculus"
  assumes "sym Rel"
      and "strong_reduction_simulation Rel Cal"
  shows "strong_reduction_bisimulation Rel Cal"
    using assms symD[of Rel]
    by blast

lemma symm_strong_barbed_simulation_is_bisimulation:
  fixes Rel :: "('proc × 'proc) set"
    and CWB :: "('proc, 'barbs) calculusWithBarbs"
  assumes "sym Rel"
      and "strong_barbed_simulation Rel CWB"
  shows "strong_barbed_bisimulation Rel CWB"
    using assms symD[of Rel]
    by blast

text ‹If a relation as well as its inverse are strong simulations, then this relation is a strong bisimulation.›

lemma 
strong_reduction_simulations_impl_bisimulation: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" assumes sim: "strong_reduction_simulation Rel Cal" and simInv: "strong_reduction_simulation (Rel¯) Cal" shows "strong_reduction_bisimulation Rel Cal" proof auto fix P Q P' assume "(P, Q) ∈ Rel" and "P ⟼Cal P'" with sim show "∃Q'. Q ⟼Cal Q' ∧ (P', Q') ∈ Rel" by simp next fix P Q Q' assume "(P, Q) ∈ Rel" hence "(Q, P) ∈ Rel¯" by simp moreover assume "Q ⟼Cal Q'" ultimately obtain P' where A1: "P ⟼Cal P'" and A2: "(Q', P') ∈ Rel¯" using simInv by blast from A2 have "(P', Q') ∈ Rel" by induct with A1 show "∃P'. P ⟼Cal P' ∧ (P', Q') ∈ Rel" by blast qed lemma strong_reduction_bisimulations_impl_inverse_is_simulation: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" assumes bisim: "strong_reduction_bisimulation Rel Cal" shows "strong_reduction_simulation (Rel¯) Cal" proof clarify fix P Q P' assume "(Q, P) ∈ Rel" moreover assume "P ⟼Cal P'" ultimately obtain Q' where A1: "Q ⟼Cal Q'" and A2: "(Q', P') ∈ Rel" using bisim by blast from A2 have "(P', Q') ∈ Rel¯" by simp with A1 show "∃Q'. 
Q ⟼Cal Q' ∧ (P', Q') ∈ Rel¯" by blast qed lemma strong_reduction_simulations_iff_bisimulation: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" shows "(strong_reduction_simulation Rel Cal ∧ strong_reduction_simulation (Rel¯) Cal) = strong_reduction_bisimulation Rel Cal" using strong_reduction_simulations_impl_bisimulation[where Rel="Rel" and Cal="Cal"] strong_reduction_bisimulations_impl_inverse_is_simulation[where Rel="Rel"] by blast lemma strong_barbed_simulations_iff_bisimulation: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" shows "(strong_barbed_simulation Rel CWB ∧ strong_barbed_simulation (Rel¯) CWB) = strong_barbed_bisimulation Rel CWB" proof (rule iffI, erule conjE) assume sim: "strong_barbed_simulation Rel CWB" and rev: "strong_barbed_simulation (Rel¯) CWB" hence "strong_reduction_bisimulation Rel (Calculus CWB)" using strong_reduction_simulations_impl_bisimulation[where Rel="Rel" and Cal="Calculus CWB"] by blast moreover from sim have "rel_preserves_barbs Rel CWB" by simp moreover from rev have "rel_reflects_barbs Rel CWB" by simp ultimately show "strong_barbed_bisimulation Rel CWB" by blast next assume bisim: "strong_barbed_bisimulation Rel CWB" hence "strong_barbed_simulation Rel CWB" by blast moreover from bisim have "strong_reduction_simulation (Rel¯) (Calculus CWB)" using strong_reduction_bisimulations_impl_inverse_is_simulation[where Rel="Rel"] by simp moreover from bisim have "rel_reflects_barbs Rel CWB" by blast hence "rel_preserves_barbs (Rel¯) CWB" by simp ultimately show "strong_barbed_simulation Rel CWB ∧ strong_barbed_simulation (Rel¯) CWB" by blast qed text ‹A strong bisimulation is a weak bisimulation.› lemma strong_impl_weak_reduction_bisimulation: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" assumes bisim: "strong_reduction_bisimulation Rel Cal" shows "weak_reduction_bisimulation Rel Cal" proof from bisim show "weak_reduction_simulation Rel Cal" using 
strong_impl_weak_reduction_simulation[where Rel="Rel" and Cal="Cal"] by blast next show "∀P Q Q'. (P, Q) ∈ Rel ∧ Q ⟼Cal* Q' ⟶ (∃P'. P ⟼Cal* P' ∧ (P', Q') ∈ Rel)" proof clarify fix P Q Q' assume A1: "(P, Q) ∈ Rel" assume "Q ⟼Cal* Q'" from this obtain n where "Q ⟼Cal⇗n⇖ Q'" by (auto simp add: steps_def) thus "∃P'. P ⟼Cal* P' ∧ (P', Q') ∈ Rel" proof (induct n arbitrary: Q') case 0 assume "Q ⟼Cal⇗0⇖ Q'" hence "Q = Q'" by (simp add: steps_refl) moreover have "P ⟼Cal* P" by (rule steps_refl) ultimately show "∃P'. P ⟼Cal* P' ∧ (P', Q') ∈ Rel" using A1 by blast next case (Suc n Q'') assume "Q ⟼Cal⇗Suc n⇖ Q''" from this obtain Q' where A2: "Q ⟼Cal⇗n⇖Q'" and A3: "Q' ⟼Cal Q''" by auto assume "⋀Q'. Q ⟼Cal⇗n⇖ Q' ⟹ ∃P'. P ⟼Cal* P' ∧ (P', Q') ∈ Rel" with A2 obtain P' where A4: "P ⟼Cal* P'" and A5: "(P', Q') ∈ Rel" by blast from bisim A5 A3 obtain P'' where A6: "P' ⟼Cal P''" and A7: "(P'', Q'') ∈ Rel" by blast from A4 A6 have "P ⟼Cal* P''" using steps_add[where P="P" and Q="P'" and R="P''"] by (simp add: step_to_steps) with A7 show "∃P'. 
P ⟼Cal* P' ∧ (P', Q'') ∈ Rel" by blast qed qed qed lemma strong_barbed_bisimulation_impl_weak_respection_of_barbs: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" assumes bisim: "strong_barbed_bisimulation Rel CWB" shows "rel_weakly_respects_barbs Rel CWB" proof from bisim show "rel_weakly_preserves_barbs Rel CWB" using strong_barbed_simulation_impl_weak_preservation_of_barbs[where Rel="Rel" and CWB="CWB"] by blast next show "rel_weakly_reflects_barbs Rel CWB" proof clarify fix P Q a Q' assume "(P, Q) ∈ Rel" and "Q ⟼(Calculus CWB)* Q'" with bisim obtain P' where A1: "P ⟼(Calculus CWB)* P'" and A2: "(P', Q') ∈ Rel" using strong_impl_weak_reduction_bisimulation[where Rel="Rel" and Cal="Calculus CWB"] by blast assume "Q'↓<CWB>a" with bisim A2 have "P'↓<CWB>a" by blast with A1 show "P⇓<CWB>a" by blast qed qed lemma strong_impl_weak_barbed_bisimulation: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" assumes bisim: "strong_barbed_bisimulation Rel CWB" shows "weak_barbed_bisimulation Rel CWB" using bisim strong_impl_weak_reduction_bisimulation[where Rel="Rel" and Cal="Calculus CWB"] strong_barbed_bisimulation_impl_weak_respection_of_barbs[where Rel="Rel" and CWB="CWB"] by blast text ‹The reflexive, symmetric, and/or transitive closure of a strong bisimulation is a strong bisimulation.› lemma strong_reduction_bisimulation_and_closures: fixes Rel :: "('proc × 'proc) set" and Cal :: "'proc processCalculus" assumes bisim: "strong_reduction_bisimulation Rel Cal" shows "strong_reduction_bisimulation (Rel⇧=) Cal" and "strong_reduction_bisimulation (symcl Rel) Cal" and "strong_reduction_bisimulation (Rel⇧+) Cal" and "strong_reduction_bisimulation (symcl (Rel⇧=)) Cal" and "strong_reduction_bisimulation (Rel⇧*) Cal" and "strong_reduction_bisimulation ((symcl (Rel⇧=))⇧+) Cal" proof - from bisim show A: "strong_reduction_bisimulation (Rel⇧=) Cal" by (auto simp add: refl, blast+) have B: "⋀Rel. 
strong_reduction_bisimulation Rel Cal ⟹ strong_reduction_bisimulation (symcl Rel) Cal" by (auto simp add: symcl_def, blast+) from bisim B[where Rel="Rel"] show "strong_reduction_bisimulation (symcl Rel) Cal" by blast have C: "⋀Rel. strong_reduction_bisimulation Rel Cal ⟹ strong_reduction_bisimulation (Rel⇧+) Cal" proof fix Rel assume "strong_reduction_bisimulation Rel Cal" thus "strong_reduction_simulation (Rel⇧+) Cal" using strong_reduction_simulation_and_closures(2)[where Rel="Rel" and Cal="Cal"] by blast next fix Rel assume C1: "strong_reduction_bisimulation Rel Cal" show "∀P Q Q'. (P, Q) ∈ Rel⇧+ ∧ Q ⟼Cal Q' ⟶ (∃P'. P ⟼Cal P' ∧ (P', Q') ∈ Rel⇧+)" proof clarify fix P Q Q' assume "(P, Q) ∈ Rel⇧+" and "Q ⟼Cal Q'" thus "∃P'. P ⟼Cal P' ∧ (P', Q') ∈ Rel⇧+" proof (induct arbitrary: Q') fix Q Q' assume "(P, Q) ∈ Rel" and "Q ⟼Cal Q'" with C1 obtain P' where "P ⟼Cal P'" and "(P', Q') ∈ Rel" by blast thus "∃P'. P ⟼Cal P' ∧ (P', Q') ∈ Rel⇧+" by auto next case (step Q R R') assume "(Q, R) ∈ Rel" and "R ⟼Cal R'" with C1 obtain Q' where C2: "Q ⟼Cal Q'" and C3: "(Q', R') ∈ Rel⇧+" by blast assume "⋀Q'. Q ⟼Cal Q' ⟹ ∃P'. P ⟼Cal P' ∧ (P', Q') ∈ Rel⇧+" with C2 obtain P' where C4: "P ⟼Cal P'" and C5: "(P', Q') ∈ Rel⇧+" by blast from C5 C3 have "(P', R') ∈ Rel⇧+" by simp with C4 show "∃P'. 
P ⟼Cal P' ∧ (P', R') ∈ Rel⇧+" by blast qed qed qed from bisim C[where Rel="Rel"] show "strong_reduction_bisimulation (Rel⇧+) Cal" by blast from A B[where Rel="Rel⇧="] show "strong_reduction_bisimulation (symcl (Rel⇧=)) Cal" by blast from A C[where Rel="Rel⇧="] show "strong_reduction_bisimulation (Rel⇧*) Cal" using trancl_reflcl[of Rel] by auto from A B[where Rel="Rel⇧="] C[where Rel="symcl (Rel⇧=)"] show "strong_reduction_bisimulation ((symcl (Rel⇧=))⇧+) Cal" by blast qed lemma strong_barbed_bisimulation_and_closures: fixes Rel :: "('proc × 'proc) set" and CWB :: "('proc, 'barbs) calculusWithBarbs" assumes bisim: "strong_barbed_bisimulation Rel CWB" shows "strong_barbed_bisimulation (Rel⇧=) CWB" and "strong_barbed_bisimulation (symcl Rel) CWB" and "strong_barbed_bisimulation (Rel⇧+) CWB" and "strong_barbed_bisimulation (symcl (Rel⇧=)) CWB" and "strong_barbed_bisimulation (Rel⇧*) CWB" and "strong_barbed_bisimulation ((symcl (Rel⇧=))⇧+) CWB" proof - from bisim show "strong_barbed_bisimulation (Rel⇧=) CWB" using strong_reduction_bisimulation_and_closures(1)[where Rel="Rel" and Cal="Calculus CWB"] respection_of_barbs_and_closures(1)[where Rel="Rel" and CWB="CWB"] by fast next from bisim show "strong_barbed_bisimulation (symcl Rel) CWB" using strong_reduction_bisimulation_and_closures(2)[where Rel="Rel" and Cal="Calculus CWB"] respection_of_barbs_and_closures(2)[where Rel="Rel" and CWB="CWB"] by blast next from bisim show "strong_barbed_bisimulation (Rel⇧+) CWB" using strong_reduction_bisimulation_and_closures(3)[where Rel="Rel" and Cal="Calculus CWB"] respection_of_barbs_and_closures(3)[where Rel="Rel" and CWB="CWB"] by blast next from bisim show "strong_barbed_bisimulation (symcl (Rel⇧=)) CWB" using strong_reduction_bisimulation_and_closures(4)[where Rel="Rel" and Cal="Calculus CWB"] respection_of_barbs_and_closures(4)[where Rel="Rel" and CWB="CWB"] by blast next from bisim show "strong_barbed_bisimulation (Rel⇧*) CWB" using 
strong_reduction_bisimulation_and_closures(5)[where Rel="Rel" and Cal="Calculus CWB"] respection_of_barbs_and_closures(5)[where Rel="Rel" and CWB="CWB"] by blast next from bisim show "strong_barbed_bisimulation ((symcl (Rel⇧=))⇧+) CWB" using strong_reduction_bisimulation_and_closures(6)[where Rel="Rel" and Cal="Calculus CWB"] respection_of_barbs_and_closures(6)[where Rel="Rel" and CWB="CWB"] by blast qed subsection ‹Step Closure of Relations› text ‹The step closure of a relation on process terms is the transitive closure of the union of the relation and the inverse of the reduction relation of the respective calculus.› inductive_set stepsClosure :: "('a × 'a) set ⇒ 'a processCalculus ⇒ ('a × 'a) set" for Rel :: "('a × 'a) set" and Cal :: "'a processCalculus" where rel: "(P, Q) ∈ Rel ⟹ (P, Q) ∈ stepsClosure Rel Cal" | steps: "P ⟼Cal* P' ⟹ (P', P) ∈ stepsClosure Rel Cal" | trans: "⟦(P, Q) ∈ stepsClosure Rel Cal; (Q, R) ∈ stepsClosure Rel Cal⟧ ⟹ (P, R) ∈ stepsClosure Rel Cal" abbreviation stepsClosureInfix :: "'a ⇒ ('a × 'a) set ⇒ 'a processCalculus ⇒ 'a ⇒ bool" ("_ ℛ↦<_,_> _" [75, 75, 75, 75] 80) where "P ℛ↦<Rel,Cal> Q ≡ (P, Q) ∈ stepsClosure Rel Cal" text ‹Applying the steps closure twice does not change the relation.› lemma steps_closure_of_steps_closure: fixes Rel :: "('a × 'a) set" and Cal :: "'a processCalculus" shows "stepsClosure (stepsClosure Rel Cal) Cal = stepsClosure Rel Cal" proof auto fix P Q assume "P ℛ↦<stepsClosure Rel Cal,Cal> Q" thus "P ℛ↦<Rel,Cal> Q" proof induct case (rel P Q) assume "P ℛ↦<Rel,Cal> Q" thus "P ℛ↦<Rel,Cal> Q" by simp next case (steps P P') assume "P ⟼Cal* P'" thus "P' ℛ↦<Rel,Cal> P" by (rule stepsClosure.steps) next case (trans P Q R) assume "P ℛ↦<Rel,Cal> Q" and "Q ℛ↦<Rel,Cal> R" thus "P ℛ↦<Rel,Cal> R" by (rule stepsClosure.trans) qed next fix P Q assume "P ℛ↦<Rel,Cal> Q" thus "P ℛ↦<stepsClosure Rel Cal,Cal> Q" by (rule stepsClosure.rel) qed text ‹The steps closure is a preorder.› lemma stepsClosure_refl: fixes Rel :: "('a × 'a) 
set" and Cal :: "'a processCalculus" shows "refl (stepsClosure Rel Cal)" unfolding refl_on_def proof auto fix P have "P ⟼Cal* P" by (rule steps_refl) thus "P ℛ↦<Rel,Cal> P" by (rule stepsClosure.steps) qed lemma refl_trans_closure_of_rel_impl_steps_closure: fixes Rel :: "('a × 'a) set" and Cal :: "'a processCalculus" and P Q :: "'a" assumes "(P, Q) ∈ Rel⇧*" shows "P ℛ↦<Rel,Cal> Q" using assms proof induct show "P ℛ↦<Rel,Cal> P" using stepsClosure_refl[of Rel Cal] unfolding refl_on_def by simp next case (step Q R) assume "(Q, R) ∈ Rel" and "P ℛ↦<Rel,Cal> Q" thus "P ℛ↦<Rel,Cal> R" using stepsClosure.rel[of Q R Rel Cal] stepsClosure.trans[of P Q Rel Cal R] by blast qed text ‹The steps closure of a relation is always a weak reduction simulation.› lemma steps_closure_is_weak_reduction_simulation: fixes Rel :: "('a × 'a) set" and Cal :: "'a processCalculus" shows "weak_reduction_simulation (stepsClosure Rel Cal) Cal" proof clarify fix P Q P' assume "P ℛ↦<Rel,Cal> Q" and "P ⟼Cal* P'" thus "∃Q'. Q ⟼Cal* Q' ∧ P' ℛ↦<Rel,Cal> Q'" proof (induct arbitrary: P') case (rel P Q) assume "P ⟼Cal* P'" hence "P' ℛ↦<Rel,Cal> P" by (rule stepsClosure.steps) moreover assume "(P, Q) ∈ Rel" hence "P ℛ↦<Rel,Cal> Q" by (simp add: stepsClosure.rel) ultimately have "P' ℛ↦<Rel,Cal> Q" by (rule stepsClosure.trans) thus "∃Q'. Q ⟼Cal* Q' ∧ P' ℛ↦<Rel,Cal> Q'" using steps_refl[where Cal="Cal" and P="Q"] by blast next case (steps P P' P'') assume "P ⟼Cal* P'" and "P' ⟼Cal* P''" hence "P ⟼Cal* P''" by (rule steps_add) moreover have "P'' ℛ↦<Rel,Cal> P''" using stepsClosure_refl[where Rel="Rel" and Cal="Cal"] unfolding refl_on_def by simp ultimately show "∃Q'. P ⟼Cal* Q' ∧ P'' ℛ↦<Rel,Cal> Q'" by blast next case (trans P Q R) assume "P ⟼Cal* P'" and "⋀P'. P ⟼Cal* P' ⟹ ∃Q'. Q ⟼Cal* Q' ∧ P' ℛ↦<Rel,Cal> Q'" from this obtain Q' where A1: "Q ⟼Cal* Q'" and A2: "P' ℛ↦<Rel,Cal> Q'" by blast assume "⋀Q'. Q ⟼Cal* Q' ⟹ ∃R'. 
R ⟼Cal* R' ∧ Q' ℛ↦<Rel,Cal> R'" with A1 obtain R' where A3: "R ⟼Cal* R'" and A4: "Q' ℛ↦<Rel,Cal> R'" by blast from A2 A4 have "P' ℛ↦<Rel,Cal> R'" by (rule stepsClosure.trans) with A3 show "∃R'. R ⟼Cal* R' ∧ P' ℛ↦<Rel,Cal> R'" by blast qed qed text ‹If Rel is a weak simulation and its inverse is a weak contrasimulation, then the steps closure of Rel is a contrasimulation.› lemma inverse_contrasimulation_impl_reverse_pair_in_steps_closure: fixes Rel :: "('a × 'a) set" and Cal :: "'a processCalculus" and P Q :: "'a" assumes con: "weak_reduction_contrasimulation (Rel¯) Cal" and pair: "(P, Q) ∈ Rel" shows "Q ℛ↦<Rel,Cal> P" proof - from pair have "(Q, P) ∈ Rel¯" by simp moreover have "Q ⟼Cal* Q" by (rule steps_refl) ultimately obtain P' where A1: "P ⟼Cal* P'" and A2: "(P', Q) ∈ Rel¯" using con by blast from A2 have "Q ℛ↦<Rel,Cal> P'" by (simp add: stepsClosure.rel) moreover from A1 have "P' ℛ↦<Rel,Cal> P" by (rule stepsClosure.steps) ultimately show "Q ℛ↦<Rel,Cal> P" by (rule stepsClosure.trans) qed lemma simulation_and_inverse_contrasimulation_impl_steps_closure_is_contrasimulation: fixes Rel :: "('a × 'a) set" and Cal :: "'a processCalculus" assumes sim: "weak_reduction_simulation Rel Cal" and con: "weak_reduction_contrasimulation (Rel¯) Cal" shows "weak_reduction_contrasimulation (stepsClosure Rel Cal) Cal" proof clarify fix P Q P' assume "P ℛ↦<Rel,Cal> Q" and "P ⟼Cal* P'" thus "∃Q'. Q ⟼Cal* Q' ∧ Q' ℛ↦<Rel,Cal> P'" proof (induct arbitrary: P') case (rel P Q) assume "(P, Q) ∈ Rel" and "P ⟼Cal* P'" with sim obtain Q' where A1: "Q ⟼Cal* Q'" and A2: "(P', Q') ∈ Rel" by blast from A2 con have "Q' ℛ↦<Rel,Cal> P'" using inverse_contrasimulation_impl_reverse_pair_in_steps_closure[where Rel="Rel"] by blast with A1 show "∃Q'. Q ⟼Cal* Q' ∧ Q' ℛ↦<Rel,Cal> P'" by blast next case (steps P P' P'') assume "P ⟼Cal* P'" and "P' ⟼Cal* P''" hence "P ⟼Cal* P''" by (rule steps_add) thus "∃Q'. 
P ⟼Cal* Q' ∧ Q' ℛ↦<Rel,Cal> P''"
      using stepsClosure_refl[where Rel="Rel" and Cal="Cal"]
      unfolding refl_on_def
      by blast
  next
    case (trans P Q R)
    assume "⋀P'. P ⟼Cal* P' ⟹ ∃Q'. Q ⟼Cal* Q' ∧ Q' ℛ↦<Rel,Cal> P'"
       and "P ⟼Cal* P'"
    from this obtain Q' where A1: "Q ⟼Cal* Q'" and A2: "Q' ℛ↦<Rel,Cal> P'"
      by blast
    assume "⋀Q'. Q ⟼Cal* Q' ⟹ ∃R'. R ⟼Cal* R' ∧ R' ℛ↦<Rel,Cal> Q'"
    with A1 obtain R' where A3: "R ⟼Cal* R'" and A4: "R' ℛ↦<Rel,Cal> Q'"
      by blast
    from A4 A2 have "R' ℛ↦<Rel,Cal> P'"
      by (rule stepsClosure.trans)
    with A3 show "∃R'. R ⟼Cal* R' ∧ R' ℛ↦<Rel,Cal> P'"
      by blast
  qed
qed

text ‹Accordingly, if Rel is a weak simulation and its inverse is a weak contrasimulation, then the steps closure of Rel is a coupled simulation.›

lemma simulation_and_inverse_contrasimulation_impl_steps_closure_is_coupled_simulation:
  fixes Rel :: "('a × 'a) set"
    and Cal :: "'a processCalculus"
  assumes sim: "weak_reduction_simulation Rel Cal"
      and con: "weak_reduction_contrasimulation (Rel¯) Cal"
  shows "weak_reduction_coupled_simulation (stepsClosure Rel Cal) Cal"
    using sim con simulation_and_inverse_contrasimulation_impl_steps_closure_is_contrasimulation
          steps_closure_is_weak_reduction_simulation[where Rel="Rel" and Cal="Cal"]
    by simp

text ‹If the relation that is closed under steps is a (contra)simulation, then we can conclude from a pair in the steps closure that, after some steps of its second component, there is a corresponding pair in the reflexive and transitive closure of the original relation.›

lemma stepsClosure_simulation_impl_refl_trans_closure_of_Rel:
  fixes Rel :: "('a × 'a) set"
    and Cal :: "'a processCalculus"
    and P Q :: "'a"
  assumes A1: "P ℛ↦<Rel,Cal> Q"
      and A2: "weak_reduction_simulation Rel Cal"
  shows "∃Q'. Q ⟼Cal* Q' ∧ (P, Q') ∈ Rel⇧*"
proof -
  have "∀P'. P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel⇧*)"
    using A1
  proof induct
    case (rel P Q)
    assume "(P, Q) ∈ Rel"
    with A2 have "∀P'. P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel)"
      by blast
    thus "∀P'. P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel⇧*)"
      by blast
  next
    case (steps P P')
    assume A: "P ⟼Cal* P'"
    show "∀P''. P' ⟼Cal* P'' ⟶ (∃Q'. 
P ⟼Cal* Q' ∧ (P'', Q') ∈ Rel⇧*)" proof clarify fix P'' assume "P' ⟼Cal* P''" with A have "P ⟼Cal* P''" by (rule steps_add) moreover have "(P'', P'') ∈ Rel⇧*" by simp ultimately show "∃Q'. P ⟼Cal* Q' ∧ (P'', Q') ∈ Rel⇧*" by blast qed next case (trans P Q R) assume A1: "∀P'. P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel⇧*)" and A2: "∀Q'. Q ⟼Cal* Q' ⟶ (∃R'. R ⟼Cal* R' ∧ (Q', R') ∈ Rel⇧*)" show "∀P'. P ⟼Cal* P' ⟶ (∃R'. R ⟼Cal* R' ∧ (P', R') ∈ Rel⇧*)" proof clarify fix P' assume "P ⟼Cal* P'" with A1 obtain Q' where A3: "Q ⟼Cal* Q'" and A4: "(P', Q') ∈ Rel⇧*" by blast from A2 A3 obtain R' where A5: "R ⟼Cal* R'" and A6: "(Q', R') ∈ Rel⇧*" by blast from A4 A6 have "(P', R') ∈ Rel⇧*" by simp with A5 show "∃R'. R ⟼Cal* R' ∧ (P', R') ∈ Rel⇧*" by blast qed qed moreover have "P ⟼Cal* P" by (rule steps_refl) ultimately show ?thesis by blast qed lemma stepsClosure_contrasimulation_impl_refl_trans_closure_of_Rel: fixes Rel :: "('a × 'a) set" and Cal :: "'a processCalculus" and P Q :: "'a" assumes A1: "P ℛ↦<Rel,Cal> Q" and A2: "weak_reduction_contrasimulation Rel Cal" shows "∃Q'. Q ⟼Cal* Q' ∧ (Q', P) ∈ Rel⇧*" proof - have "∀P'. P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (Q', P') ∈ Rel⇧*)" using A1 proof induct case (rel P Q) assume "(P, Q) ∈ Rel" with A2 have "∀P'. P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (Q', P') ∈ Rel)" by blast thus "∀P'. P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (Q', P') ∈ Rel⇧*)" by blast next case (steps P P') assume A: "P ⟼Cal* P'" show "∀P''. P' ⟼Cal* P'' ⟶ (∃Q'. P ⟼Cal* Q' ∧ (Q', P'') ∈ Rel⇧*)" proof clarify fix P'' assume "P' ⟼Cal* P''" with A have "P ⟼Cal* P''" by (rule steps_add) moreover have "(P'', P'') ∈ Rel⇧*" by simp ultimately show "∃Q'. P ⟼Cal* Q' ∧ (Q', P'') ∈ Rel⇧*" by blast qed next case (trans P Q R) assume A1: "∀P'. P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (Q', P') ∈ Rel⇧*)" and A2: "∀Q'. Q ⟼Cal* Q' ⟶ (∃R'. R ⟼Cal* R' ∧ (R', Q') ∈ Rel⇧*)" show "∀P'. P ⟼Cal* P' ⟶ (∃R'. 
R ⟼Cal* R' ∧ (R', P') ∈ Rel⇧*)" proof clarify fix P' assume "P ⟼Cal* P'" with A1 obtain Q' where A3: "Q ⟼Cal* Q'" and A4: "(Q', P') ∈ Rel⇧*" by blast from A2 A3 obtain R' where A5: "R ⟼Cal* R'" and A6: "(R', Q') ∈ Rel⇧*" by blast from A4 A6 have "(R', P') ∈ Rel⇧*" by simp with A5 show "∃R'. R ⟼Cal* R' ∧ (R', P') ∈ Rel⇧*" by blast qed qed moreover have "P ⟼Cal* P" by (rule steps_refl) ultimately show ?thesis by blast qed lemma stepsClosure_contrasimulation_of_inverse_impl_refl_trans_closure_of_Rel: fixes Rel :: "('a × 'a) set" and Cal :: "'a processCalculus" and P Q :: "'a" assumes A1: "P ℛ↦<Rel¯,Cal> Q" and A2: "weak_reduction_contrasimulation (Rel¯) Cal" shows "∃Q'. Q ⟼Cal* Q' ∧ (P, Q') ∈ Rel⇧*" proof - have "∀P'. P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel⇧*)" using A1 proof induct case (rel P Q) assume "(P, Q) ∈ Rel¯" with A2 have "∀P'. P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (Q', P') ∈ Rel¯)" by blast thus "∀P'. P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel⇧*)" by blast next case (steps P P') assume A: "P ⟼Cal* P'" show "∀P''. P' ⟼Cal* P'' ⟶ (∃Q'. P ⟼Cal* Q' ∧ (P'', Q') ∈ Rel⇧*)" proof clarify fix P'' assume "P' ⟼Cal* P''" with A have "P ⟼Cal* P''" by (rule steps_add) moreover have "(P'', P'') ∈ Rel⇧*" by simp ultimately show "∃Q'. P ⟼Cal* Q' ∧ (P'', Q') ∈ Rel⇧*" by blast qed next case (trans P Q R) assume A1: "∀P'. P ⟼Cal* P' ⟶ (∃Q'. Q ⟼Cal* Q' ∧ (P', Q') ∈ Rel⇧*)" and A2: "∀Q'. Q ⟼Cal* Q' ⟶ (∃R'. R ⟼Cal* R' ∧ (Q', R') ∈ Rel⇧*)" show "∀P'. P ⟼Cal* P' ⟶ (∃R'. R ⟼Cal* R' ∧ (P', R') ∈ Rel⇧*)" proof clarify fix P' assume "P ⟼Cal* P'" with A1 obtain Q' where A3: "Q ⟼Cal* Q'" and A4: "(P', Q') ∈ Rel⇧*" by blast from A3 A2 obtain R' where A5: "R ⟼Cal* R'" and A6: "(Q', R') ∈ Rel⇧*" by blast from A4 A6 have "(P', R') ∈ Rel⇧*" by simp with A5 show "∃R'. R ⟼Cal* R' ∧ (P', R') ∈ Rel⇧*" by blast qed qed moreover have "P ⟼Cal* P" by (rule steps_refl) ultimately show ?thesis by blast qed end
Theory Encodings
theory Encodings imports ProcessCalculi begin section ‹Encodings› text ‹In the simplest case an encoding from a source into a target language is a mapping from source into target terms. Encodability criteria describe properties on such mappings. To analyse encodability criteria we map them on conditions on relations between source and target terms. More precisely, we consider relations on pairs of the disjoint union of source and target terms. We denote this disjoint union of source and target terms by Proc. › datatype ('procS, 'procT) Proc = SourceTerm 'procS | TargetTerm 'procT definition STCal :: "'procS processCalculus ⇒ 'procT processCalculus ⇒ (('procS, 'procT) Proc) processCalculus" where "STCal Source Target ≡ ⦇Reductions = λP P'. (∃SP SP'. P = SourceTerm SP ∧ P' = SourceTerm SP' ∧ Reductions Source SP SP') ∨ (∃TP TP'. P = TargetTerm TP ∧ P' = TargetTerm TP' ∧ Reductions Target TP TP')⦈" definition STCalWB :: "('procS, 'barbs) calculusWithBarbs ⇒ ('procT, 'barbs) calculusWithBarbs ⇒ (('procS, 'procT) Proc, 'barbs) calculusWithBarbs" where "STCalWB Source Target ≡ ⦇Calculus = STCal (calculusWithBarbs.Calculus Source) (calculusWithBarbs.Calculus Target), HasBarb = λP a. (∃SP. P = SourceTerm SP ∧ (calculusWithBarbs.HasBarb Source) SP a) ∨ (∃TP. P = TargetTerm TP ∧ (calculusWithBarbs.HasBarb Target) TP a)⦈" text ‹An encoding consists of a source language, a target language, and a mapping from source into target terms.› locale encoding = fixes Source :: "'procS processCalculus" and Target :: "'procT processCalculus" and Enc :: "'procS ⇒ 'procT" begin abbreviation enc :: "'procS ⇒ 'procT" ("⟦_⟧" [65] 70) where "⟦S⟧ ≡ Enc S" abbreviation isSource :: "('procS, 'procT) Proc ⇒ bool" ("_ ∈ ProcS" [70] 80) where "P ∈ ProcS ≡ (∃S. P = SourceTerm S)" abbreviation isTarget :: "('procS, 'procT) Proc ⇒ bool" ("_ ∈ ProcT" [70] 80) where "P ∈ ProcT ≡ (∃T. 
P = TargetTerm T)" abbreviation getSource :: "'procS ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ∈S _" [70, 70] 80) where "S ∈S P ≡ (P = SourceTerm S)" abbreviation getTarget :: "'procT ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ∈T _" [70, 70] 80) where "T ∈T P ≡ (P = TargetTerm T)" text ‹A step of a term in Proc is either a source term step or a target term step.› abbreviation stepST :: "('procS, 'procT) Proc ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ⟼ST _" [70, 70] 80) where "P ⟼ST P' ≡ (∃S S'. S ∈S P ∧ S' ∈S P' ∧ S ⟼Source S') ∨ (∃T T'. T ∈T P ∧ T' ∈T P' ∧ T ⟼Target T')" lemma stepST_STCal_step: fixes P P' :: "('procS, 'procT) Proc" shows "P ⟼(STCal Source Target) P' = P ⟼ST P'" by (simp add: STCal_def) lemma STStep_step: fixes S :: "'procS" and T :: "'procT" and P' :: "('procS, 'procT) Proc" shows "SourceTerm S ⟼ST P' = (∃S'. S' ∈S P' ∧ S ⟼Source S')" and "TargetTerm T ⟼ST P' = (∃T'. T' ∈T P' ∧ T ⟼Target T')" by blast+ lemma STCal_step: fixes S :: "'procS" and T :: "'procT" and P' :: "('procS, 'procT) Proc" shows "SourceTerm S ⟼(STCal Source Target) P' = (∃S'. S' ∈S P' ∧ S ⟼Source S')" and "TargetTerm T ⟼(STCal Source Target) P' = (∃T'. T' ∈T P' ∧ T ⟼Target T')" by (simp add: STCal_def)+ text ‹A sequence of steps of a term in Proc is either a sequence of source term steps or a sequence of target term steps.› abbreviation stepsST :: "('procS, 'procT) Proc ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ⟼ST* _" [70, 70] 80) where "P ⟼ST* P' ≡ (∃S S'. S ∈S P ∧ S' ∈S P' ∧ S ⟼Source* S') ∨ (∃T T'. T ∈T P ∧ T' ∈T P' ∧ T ⟼Target* T')" lemma STSteps_steps: fixes S :: "'procS" and T :: "'procT" and P' :: "('procS, 'procT) Proc" shows "SourceTerm S ⟼ST* P' = (∃S'. S' ∈S P' ∧ S ⟼Source* S')" and "TargetTerm T ⟼ST* P' = (∃T'. T' ∈T P' ∧ T ⟼Target* T')" by blast+ lemma STCal_steps: fixes S :: "'procS" and T :: "'procT" and P' :: "('procS, 'procT) Proc" shows "SourceTerm S ⟼(STCal Source Target)* P' = (∃S'. S' ∈S P' ∧ S ⟼Source* S')" and "TargetTerm T ⟼(STCal Source Target)* P' = (∃T'. 
T' ∈T P' ∧ T ⟼Target* T')" proof auto assume "SourceTerm S ⟼(STCal Source Target)* P'" from this obtain n where "SourceTerm S ⟼(STCal Source Target)⇗n⇖ P'" by (auto simp add: steps_def) thus "∃S'. S' ∈S P' ∧ S ⟼Source* S'" proof (induct n arbitrary: P') case 0 assume "SourceTerm S ⟼(STCal Source Target)⇗0⇖ P'" hence "S ∈S P'" by simp moreover have "S ⟼Source* S" by (rule steps_refl) ultimately show "∃S'. S' ∈S P' ∧ S ⟼Source* S'" by blast next case (Suc n P'') assume "SourceTerm S ⟼(STCal Source Target)⇗Suc n⇖ P''" from this obtain P' where A1: "SourceTerm S ⟼(STCal Source Target)⇗n⇖ P'" and A2: "P' ⟼(STCal Source Target) P''" by auto assume "⋀P'. SourceTerm S ⟼(STCal Source Target)⇗n⇖ P' ⟹ ∃S'. S' ∈S P' ∧ S ⟼Source* S'" with A1 obtain S' where A3: "S' ∈S P'" and A4: "S ⟼Source* S'" by blast from A2 A3 obtain S'' where A5: "S'' ∈S P''" and A6: "S' ⟼Source S''" using STCal_step(1)[where S="S'" and P'="P''"] by blast from A4 A6 have "S ⟼Source* S''" using step_to_steps[where Cal="Source" and P="S'" and P'="S''"] by (simp add: steps_add[where Cal="Source" and P="S" and Q="S'" and R="S''"]) with A5 show "∃S''. S'' ∈S P'' ∧ S ⟼Source* S''" by blast qed next fix S' assume "S ⟼Source* S'" from this obtain n where "S ⟼Source⇗n⇖ S'" by (auto simp add: steps_def) thus "SourceTerm S ⟼(STCal Source Target)* (SourceTerm S')" proof (induct n arbitrary: S') case 0 assume "S ⟼Source⇗0⇖ S'" hence "S = S'" by auto thus "SourceTerm S ⟼(STCal Source Target)* (SourceTerm S')" by (simp add: steps_refl) next case (Suc n S'') assume "S ⟼Source⇗Suc n⇖ S''" from this obtain S' where B1: "S ⟼Source⇗n⇖ S'" and B2: "S' ⟼Source S''" by auto assume "⋀S'. 
S ⟼Source⇗n⇖ S' ⟹ SourceTerm S ⟼(STCal Source Target)* (SourceTerm S')" with B1 have "SourceTerm S ⟼(STCal Source Target)* (SourceTerm S')" by blast moreover from B2 have "SourceTerm S' ⟼(STCal Source Target)* (SourceTerm S'')" using step_to_steps[where Cal="STCal Source Target" and P="SourceTerm S'"] by (simp add: STCal_def) ultimately show "SourceTerm S ⟼(STCal Source Target)* (SourceTerm S'')" by (rule steps_add) qed next assume "TargetTerm T ⟼(STCal Source Target)* P'" from this obtain n where "TargetTerm T ⟼(STCal Source Target)⇗n⇖ P'" by (auto simp add: steps_def) thus "∃T'. T' ∈T P' ∧ T ⟼Target* T'" proof (induct n arbitrary: P') case 0 assume "TargetTerm T ⟼(STCal Source Target)⇗0⇖ P'" hence "T ∈T P'" by simp moreover have "T ⟼Target* T" by (rule steps_refl) ultimately show "∃T'. T' ∈T P' ∧ T ⟼Target* T'" by blast next case (Suc n P'') assume "TargetTerm T ⟼(STCal Source Target)⇗Suc n⇖ P''" from this obtain P' where A1: "TargetTerm T ⟼(STCal Source Target)⇗n⇖ P'" and A2: "P' ⟼(STCal Source Target) P''" by auto assume "⋀P'. TargetTerm T ⟼(STCal Source Target)⇗n⇖ P' ⟹ ∃T'. T' ∈T P' ∧ T ⟼Target* T'" with A1 obtain T' where A3: "T' ∈T P'" and A4: "T ⟼Target* T'" by blast from A2 A3 obtain T'' where A5: "T'' ∈T P''" and A6: "T' ⟼Target T''" using STCal_step(2)[where T="T'" and P'="P''"] by blast from A4 A6 have "T ⟼Target* T''" using step_to_steps[where Cal="Target" and P="T'" and P'="T''"] by (simp add: steps_add[where Cal="Target" and P="T" and Q="T'" and R="T''"]) with A5 show "∃T''. 
T'' ∈T P'' ∧ T ⟼Target* T''" by blast qed next fix T' assume "T ⟼Target* T'" from this obtain n where "T ⟼Target⇗n⇖ T'" by (auto simp add: steps_def) thus "TargetTerm T ⟼(STCal Source Target)* (TargetTerm T')" proof (induct n arbitrary: T') case 0 assume "T ⟼Target⇗0⇖ T'" hence "T = T'" by auto thus "TargetTerm T ⟼(STCal Source Target)* (TargetTerm T')" by (simp add: steps_refl) next case (Suc n T'') assume "T ⟼Target⇗Suc n⇖ T''" from this obtain T' where B1: "T ⟼Target⇗n⇖ T'" and B2: "T' ⟼Target T''" by auto assume "⋀T'. T ⟼Target⇗n⇖ T' ⟹ TargetTerm T ⟼(STCal Source Target)* (TargetTerm T')" with B1 have "TargetTerm T ⟼(STCal Source Target)* (TargetTerm T')" by blast moreover from B2 have "TargetTerm T' ⟼(STCal Source Target)* (TargetTerm T'')" using step_to_steps[where Cal="STCal Source Target" and P="TargetTerm T'"] by (simp add: STCal_def) ultimately show "TargetTerm T ⟼(STCal Source Target)* (TargetTerm T'')" by (rule steps_add) qed qed lemma stepsST_STCal_steps: fixes P P' :: "('procS, 'procT) Proc" shows "P ⟼(STCal Source Target)* P' = P ⟼ST* P'" proof (cases P) case (SourceTerm SP) assume "SP ∈S P" thus "P ⟼(STCal Source Target)* P' = P ⟼ST* P'" using STCal_steps(1)[where S="SP" and P'="P'"] STSteps_steps(1)[where S="SP" and P'="P'"] by blast next case (TargetTerm TP) assume "TP ∈T P" thus "P ⟼(STCal Source Target)* P' = P ⟼ST* P'" using STCal_steps(2)[where T="TP" and P'="P'"] STSteps_steps(2)[where T="TP" and P'="P'"] by blast qed lemma stepsST_refl: fixes P :: "('procS, 'procT) Proc" shows "P ⟼ST* P" by (cases P, simp_all add: steps_refl) lemma stepsST_add: fixes P Q R :: "('procS, 'procT) Proc" assumes A1: "P ⟼ST* Q" and A2: "Q ⟼ST* R" shows "P ⟼ST* R" proof - from A1 have "P ⟼(STCal Source Target)* Q" by (simp add: stepsST_STCal_steps) moreover from A2 have "Q ⟼(STCal Source Target)* R" by (simp add: stepsST_STCal_steps) ultimately have "P ⟼(STCal Source Target)* R" by (rule steps_add) thus "P ⟼ST* R" by (simp add: stepsST_STCal_steps) qed text ‹A 
divergent term of Proc is either a divergent source term or a divergent target term.› abbreviation divergentST :: "('procS, 'procT) Proc ⇒ bool" ("_ ⟼STω" [70] 80) where "P ⟼STω ≡ (∃S. S ∈S P ∧ S ⟼(Source)ω) ∨ (∃T. T ∈T P ∧ T ⟼(Target)ω)" lemma STCal_divergent: fixes S :: "'procS" and T :: "'procT" shows "SourceTerm S ⟼(STCal Source Target)ω = S ⟼(Source)ω" and "TargetTerm T ⟼(STCal Source Target)ω = T ⟼(Target)ω" using STCal_steps by (auto simp add: STCal_def divergent_def) lemma divergentST_STCal_divergent: fixes P :: "('procS, 'procT) Proc" shows "P ⟼(STCal Source Target)ω = P ⟼STω" proof (cases P) case (SourceTerm SP) assume "SP ∈S P" thus "P ⟼(STCal Source Target)ω = P ⟼STω" using STCal_divergent(1) by simp next case (TargetTerm TP) assume "TP ∈T P" thus "P ⟼(STCal Source Target)ω = P ⟼STω" using STCal_divergent(2) by simp qed text ‹Similar to relations we define what it means for an encoding to preserve, reflect, or respect a predicate. An encoding preserves some predicate P if P(S) implies P(enc S) for all source terms S.› abbreviation enc_preserves_pred :: "(('procS, 'procT) Proc ⇒ bool) ⇒ bool" where "enc_preserves_pred Pred ≡ ∀S. Pred (SourceTerm S) ⟶ Pred (TargetTerm (⟦S⟧))" abbreviation enc_preserves_binary_pred :: "(('procS, 'procT) Proc ⇒ 'b ⇒ bool) ⇒ bool" where "enc_preserves_binary_pred Pred ≡ ∀S x. Pred (SourceTerm S) x ⟶ Pred (TargetTerm (⟦S⟧)) x" text ‹An encoding reflects some predicate P if P(enc S) implies P(S) for all source terms S.› abbreviation enc_reflects_pred :: "(('procS, 'procT) Proc ⇒ bool) ⇒ bool" where "enc_reflects_pred Pred ≡ ∀S. Pred (TargetTerm (⟦S⟧)) ⟶ Pred (SourceTerm S)" abbreviation enc_reflects_binary_pred :: "(('procS, 'procT) Proc ⇒ 'b ⇒ bool) ⇒ bool" where "enc_reflects_binary_pred Pred ≡ ∀S x. 
Pred (TargetTerm (⟦S⟧)) x ⟶ Pred (SourceTerm S) x" text ‹An encoding respects a predicate if it preserves and reflects it.› abbreviation enc_respects_pred :: "(('procS, 'procT) Proc ⇒ bool) ⇒ bool" where "enc_respects_pred Pred ≡ enc_preserves_pred Pred ∧ enc_reflects_pred Pred" abbreviation enc_respects_binary_pred :: "(('procS, 'procT) Proc ⇒ 'b ⇒ bool) ⇒ bool" where "enc_respects_binary_pred Pred ≡ enc_preserves_binary_pred Pred ∧ enc_reflects_binary_pred Pred" end text ‹To compare source terms and target terms w.r.t. their barbs or observables we assume that each language defines its own predicate for the existence of barbs.› locale encoding_wrt_barbs = encoding Source Target Enc for Source :: "'procS processCalculus" and Target :: "'procT processCalculus" and Enc :: "'procS ⇒ 'procT" + fixes SWB :: "('procS, 'barbs) calculusWithBarbs" and TWB :: "('procT, 'barbs) calculusWithBarbs" assumes calS: "calculusWithBarbs.Calculus SWB = Source" and calT: "calculusWithBarbs.Calculus TWB = Target" begin lemma STCalWB_STCal: shows "Calculus (STCalWB SWB TWB) = STCal Source Target" unfolding STCalWB_def using calS calT by auto text ‹We say a term P of Proc has some barb a if either P is a source term that has the barb a or P is a target term that has the barb a. For simplicity we assume that the set of barbs is large enough to contain all barbs of the source terms, the target terms, and all barbs they might have in common.› abbreviation hasBarbST :: "('procS, 'procT) Proc ⇒ 'barbs ⇒ bool" ("_↓._" [70, 70] 80) where "P↓.a ≡ (∃S. S ∈S P ∧ S↓<SWB>a) ∨ (∃T. 
T ∈T P ∧ T↓<TWB>a)" lemma STCalWB_hasBarbST: fixes P :: "('procS, 'procT) Proc" and a :: "'barbs" shows "P↓<STCalWB SWB TWB>a = P↓.a" by (simp add: STCalWB_def) lemma preservation_of_barbs_in_barbed_encoding: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and P Q :: "('procS, 'procT) Proc" and a :: "'barbs" assumes preservation: "rel_preserves_barbs Rel (STCalWB SWB TWB)" and rel: "(P, Q) ∈ Rel" and barb: "P↓.a" shows "Q↓.a" using preservation rel barb by (simp add: STCalWB_def) lemma reflection_of_barbs_in_barbed_encoding: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and P Q :: "('procS, 'procT) Proc" and a :: "'barbs" assumes reflection: "rel_reflects_barbs Rel (STCalWB SWB TWB)" and rel: "(P, Q) ∈ Rel" and barb: "Q↓.a" shows "P↓.a" using reflection rel barb by (simp add: STCalWB_def) lemma respection_of_barbs_in_barbed_encoding: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and P Q :: "('procS, 'procT) Proc" and a :: "'barbs" assumes respection: "rel_respects_barbs Rel (STCalWB SWB TWB)" and rel: "(P, Q) ∈ Rel" shows "P↓.a = Q↓.a" using preservation_of_barbs_in_barbed_encoding[where Rel="Rel" and P="P" and Q="Q" and a="a"] reflection_of_barbs_in_barbed_encoding[where Rel="Rel" and P="P" and Q="Q" and a="a"] respection rel by blast text ‹A term P of Proc reaches a barb a if either P is a source term that reaches a or P is a target term that reaches a.› abbreviation reachesBarbST :: "('procS, 'procT) Proc ⇒ 'barbs ⇒ bool" ("_⇓._" [70, 70] 80) where "P⇓.a ≡ (∃S. S ∈S P ∧ S⇓<SWB>a) ∨ (∃T. T ∈T P ∧ T⇓<TWB>a)" lemma STCalWB_reachesBarbST: fixes P :: "('procS, 'procT) Proc" and a :: "'barbs" shows "P⇓<STCalWB SWB TWB>a = P⇓.a" proof - have "∀S. SourceTerm S⇓<STCalWB SWB TWB>a = SourceTerm S⇓.a" using STCal_steps(1) by (auto simp add: STCalWB_def calS calT) moreover have "∀T. 
TargetTerm T⇓<STCalWB SWB TWB>a = TargetTerm T⇓.a" using STCal_steps(2) by (auto simp add: STCalWB_def calS calT) ultimately show "P⇓<STCalWB SWB TWB>a = P⇓.a" by (cases P, simp+) qed lemma weak_preservation_of_barbs_in_barbed_encoding: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and P Q :: "('procS, 'procT) Proc" and a :: "'barbs" assumes preservation: "rel_weakly_preserves_barbs Rel (STCalWB SWB TWB)" and rel: "(P, Q) ∈ Rel" and barb: "P⇓.a" shows "Q⇓.a" proof - from barb have "P⇓<STCalWB SWB TWB>a" by (simp add: STCalWB_reachesBarbST) with preservation rel have "Q⇓<STCalWB SWB TWB>a" by blast thus "Q⇓.a" by (simp add: STCalWB_reachesBarbST) qed lemma weak_reflection_of_barbs_in_barbed_encoding: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and P Q :: "('procS, 'procT) Proc" and a :: "'barbs" assumes reflection: "rel_weakly_reflects_barbs Rel (STCalWB SWB TWB)" and rel: "(P, Q) ∈ Rel" and barb: "Q⇓.a" shows "P⇓.a" proof - from barb have "Q⇓<STCalWB SWB TWB>a" by (simp add: STCalWB_reachesBarbST) with reflection rel have "P⇓<STCalWB SWB TWB>a" by blast thus "P⇓.a" by (simp add: STCalWB_reachesBarbST) qed lemma weak_respection_of_barbs_in_barbed_encoding: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and P Q :: "('procS, 'procT) Proc" and a :: "'barbs" assumes respection: "rel_weakly_respects_barbs Rel (STCalWB SWB TWB)" and rel: "(P, Q) ∈ Rel" shows "P⇓.a = Q⇓.a" proof (rule iffI) assume "P⇓.a" with respection rel show "Q⇓.a" using weak_preservation_of_barbs_in_barbed_encoding[where Rel="Rel"] by blast next assume "Q⇓.a" with respection rel show "P⇓.a" using weak_reflection_of_barbs_in_barbed_encoding[where Rel="Rel"] by blast qed end end
Theory SourceTargetRelation
theory SourceTargetRelation imports Encodings SimulationRelations begin section ‹Relation between Source and Target Terms› subsection ‹Relations Induced by the Encoding Function› text ‹We map encodability criteria on conditions of relations between source and target terms. The encoding function itself induces such relations. To analyse the preservation of source term behaviours we use relations that contain the pairs (S, enc S) for all source terms S. › inductive_set (in encoding) indRelR :: "((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set" where encR: "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelR" abbreviation (in encoding) indRelRinfix :: "('procS, 'procT) Proc ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ℛ⟦⋅⟧R _" [75, 75] 80) where "P ℛ⟦⋅⟧R Q ≡ (P, Q) ∈ indRelR" inductive_set (in encoding) indRelRPO :: "((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set" where encR: "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelRPO" | source: "(SourceTerm S, SourceTerm S) ∈ indRelRPO" | target: "(TargetTerm T, TargetTerm T) ∈ indRelRPO" | trans: "⟦(P, Q) ∈ indRelRPO; (Q, R) ∈ indRelRPO⟧ ⟹ (P, R) ∈ indRelRPO" abbreviation (in encoding) indRelRPOinfix :: "('procS, 'procT) Proc ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ≲⟦⋅⟧R _" [75, 75] 80) where "P ≲⟦⋅⟧R Q ≡ (P, Q) ∈ indRelRPO" lemma (in encoding) indRelRPO_refl: shows "refl indRelRPO" unfolding refl_on_def proof auto fix P show "P ≲⟦⋅⟧R P" proof (cases P) case (SourceTerm SP) assume "SP ∈S P" thus "P ≲⟦⋅⟧R P" by (simp add: indRelRPO.source) next case (TargetTerm TP) assume "TP ∈T P" thus "P ≲⟦⋅⟧R P" by (simp add: indRelRPO.target) qed qed lemma (in encoding) indRelRPO_is_preorder: shows "preorder indRelRPO" unfolding preorder_on_def proof show "refl indRelRPO" by (rule indRelRPO_refl) next show "trans indRelRPO" unfolding trans_def proof clarify fix P Q R assume "P ≲⟦⋅⟧R Q" and "Q ≲⟦⋅⟧R R" thus "P ≲⟦⋅⟧R R" by (rule indRelRPO.trans) qed qed lemma (in encoding) refl_trans_closure_of_indRelR: shows "indRelRPO = indRelR⇧*" proof auto fix P Q 
assume "P ≲⟦⋅⟧R Q" thus "(P, Q) ∈ indRelR⇧*" proof induct case (encR S) show "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelR⇧*" using indRelR.encR[of S] by simp next case (source S) show "(SourceTerm S, SourceTerm S) ∈ indRelR⇧*" by simp next case (target T) show "(TargetTerm T, TargetTerm T) ∈ indRelR⇧*" by simp next case (trans P Q R) assume "(P, Q) ∈ indRelR⇧*" and "(Q, R) ∈ indRelR⇧*" thus "(P, R) ∈ indRelR⇧*" by simp qed next fix P Q assume "(P, Q) ∈ indRelR⇧*" thus "P ≲⟦⋅⟧R Q" proof induct show "P ≲⟦⋅⟧R P" using indRelRPO_refl unfolding refl_on_def by simp next case (step Q R) assume "P ≲⟦⋅⟧R Q" moreover assume "Q ℛ⟦⋅⟧R R" hence "Q ≲⟦⋅⟧R R" by (induct, simp add: indRelRPO.encR) ultimately show "P ≲⟦⋅⟧R R" by (rule indRelRPO.trans) qed qed text ‹The relation indRelR is the smallest relation that relates all source terms and their literal translations. Thus there exists a relation that relates source terms and their literal translations and satisfies some predicate on its pairs iff the predicate holds for the pairs of indRelR.› lemma (in encoding) indRelR_impl_exists_source_target_relation: fixes PredA :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set ⇒ bool" and PredB :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) ⇒ bool" shows "PredA indRelR ⟹ ∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ PredA Rel" and "∀(P, Q) ∈ indRelR. PredB (P, Q) ⟹ ∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀(P, Q) ∈ Rel. PredB (P, Q))" proof - have A: "∀S. SourceTerm S ℛ⟦⋅⟧R TargetTerm (⟦S⟧)" by (simp add: indRelR.encR) thus "PredA indRelR ⟹ ∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ PredA Rel" by blast with A show "∀(P, Q) ∈ indRelR. PredB (P, Q) ⟹ ∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀(P, Q) ∈ Rel. 
PredB (P, Q))" by blast qed lemma (in encoding) source_target_relation_impl_indRelR: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and Pred :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) ⇒ bool" assumes encRRel: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and condRel: "∀(P, Q) ∈ Rel. Pred (P, Q)" shows "∀(P, Q) ∈ indRelR. Pred (P, Q)" proof clarify fix P Q assume "P ℛ⟦⋅⟧R Q" with encRRel have "(P, Q) ∈ Rel" by (auto simp add: indRelR.simps) with condRel show "Pred (P, Q)" by simp qed lemma (in encoding) indRelR_iff_exists_source_target_relation: fixes Pred :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) ⇒ bool" shows "(∀(P, Q) ∈ indRelR. Pred (P, Q)) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀(P, Q) ∈ Rel. Pred (P, Q)))" using indRelR_impl_exists_source_target_relation(2)[where PredB="Pred"] source_target_relation_impl_indRelR[where Pred="Pred"] by blast lemma (in encoding) indRelR_modulo_pred_impl_indRelRPO_modulo_pred: fixes Pred :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) ⇒ bool" assumes reflCond: "∀P. Pred (P, P)" and transCond: "∀P Q R. Pred (P, Q) ∧ Pred (Q, R) ⟶ Pred (P, R)" shows "(∀(P, Q) ∈ indRelR. Pred (P, Q)) = (∀(P, Q) ∈ indRelRPO. Pred (P, Q))" proof auto fix P Q assume A: "∀x ∈ indRelR. Pred x" assume "P ≲⟦⋅⟧R Q" thus "Pred (P, Q)" proof induct case (encR S) have "SourceTerm S ℛ⟦⋅⟧R TargetTerm (⟦S⟧)" by (simp add: indRelR.encR) with A show "Pred (SourceTerm S, TargetTerm (⟦S⟧))" by simp next case (source S) from reflCond show "Pred (SourceTerm S, SourceTerm S)" by simp next case (target T) from reflCond show "Pred (TargetTerm T, TargetTerm T)" by simp next case (trans P Q R) assume "Pred (P, Q)" and "Pred (Q, R)" with transCond show "Pred (P, R)" by blast qed next fix P Q assume "∀x ∈ indRelRPO. 
Pred x" and "P ℛ⟦⋅⟧R Q" thus "Pred (P, Q)" by (auto simp add: indRelRPO.encR indRelR.simps) qed lemma (in encoding) indRelRPO_iff_exists_source_target_relation: fixes Pred :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) ⇒ bool" shows "(∀(P, Q) ∈ indRelRPO. Pred (P, Q)) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀(P, Q) ∈ Rel. Pred (P, Q)) ∧ preorder Rel)" proof (rule iffI) have "∀S. SourceTerm S ≲⟦⋅⟧R TargetTerm (⟦S⟧)" by (simp add: indRelRPO.encR) moreover have "preorder indRelRPO" using indRelRPO_is_preorder by blast moreover assume "∀(P, Q) ∈ indRelRPO. Pred (P, Q)" ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀(P, Q) ∈ Rel. Pred (P, Q)) ∧ preorder Rel" by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀(P, Q) ∈ Rel. Pred (P, Q)) ∧ preorder Rel" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "∀(P, Q) ∈ Rel. Pred (P, Q)" and A3: "preorder Rel" by blast show "∀(P, Q) ∈ indRelRPO. Pred (P, Q)" proof clarify fix P Q assume "P ≲⟦⋅⟧R Q" hence "(P, Q) ∈ Rel" proof induct case (encR S) from A1 show "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by simp next case (source S) from A3 show "(SourceTerm S, SourceTerm S) ∈ Rel" unfolding preorder_on_def refl_on_def by simp next case (target T) from A3 show "(TargetTerm T, TargetTerm T) ∈ Rel" unfolding preorder_on_def refl_on_def by simp next case (trans P Q R) assume "(P, Q) ∈ Rel" and "(Q, R) ∈ Rel" with A3 show "(P, R) ∈ Rel" unfolding preorder_on_def trans_def by blast qed with A2 show "Pred (P, Q)" by simp qed qed text ‹An encoding preserves, reflects, or respects a predicate iff indRelR preserves, reflects, or respects this predicate.› lemma (in encoding) enc_satisfies_pred_impl_indRelR_satisfies_pred: fixes Pred :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) ⇒ bool" assumes encCond: "∀S. Pred (SourceTerm S, TargetTerm (⟦S⟧))" shows "∀(P, Q) ∈ indRelR. 
Pred (P, Q)" by (auto simp add: encCond indRelR.simps) lemma (in encoding) indRelR_satisfies_pred_impl_enc_satisfies_pred: fixes Pred :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) ⇒ bool" assumes relCond: "∀(P, Q) ∈ indRelR. Pred (P, Q)" shows "∀S. Pred (SourceTerm S, TargetTerm (⟦S⟧))" using relCond indRelR.encR by simp lemma (in encoding) enc_satisfies_pred_iff_indRelR_satisfies_pred: fixes Pred :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) ⇒ bool" shows "(∀S. Pred (SourceTerm S, TargetTerm (⟦S⟧))) = (∀(P, Q) ∈ indRelR. Pred (P, Q))" using enc_satisfies_pred_impl_indRelR_satisfies_pred[where Pred="Pred"] indRelR_satisfies_pred_impl_enc_satisfies_pred[where Pred="Pred"] by blast lemma (in encoding) enc_satisfies_binary_pred_iff_indRelR_satisfies_binary_pred: fixes Pred :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) ⇒ 'b ⇒ bool" shows "(∀S a. Pred (SourceTerm S, TargetTerm (⟦S⟧)) a) = (∀(P, Q) ∈ indRelR. ∀a. Pred (P, Q) a)" using enc_satisfies_pred_iff_indRelR_satisfies_pred by simp lemma (in encoding) enc_preserves_pred_iff_indRelR_preserves_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_preserves_pred Pred = rel_preserves_pred indRelR Pred" using enc_satisfies_pred_iff_indRelR_satisfies_pred[where Pred="λ(P, Q). Pred P ⟶ Pred Q"] by blast lemma (in encoding) enc_preserves_binary_pred_iff_indRelR_preserves_binary_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ 'b ⇒ bool" shows "enc_preserves_binary_pred Pred = rel_preserves_binary_pred indRelR Pred" using enc_satisfies_binary_pred_iff_indRelR_satisfies_binary_pred[where Pred="λ(P, Q) a. Pred P a ⟶ Pred Q a"] by blast lemma (in encoding) enc_preserves_pred_iff_indRelRPO_preserves_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_preserves_pred Pred = rel_preserves_pred indRelRPO Pred" using enc_preserves_pred_iff_indRelR_preserves_pred[where Pred="Pred"] indRelR_modulo_pred_impl_indRelRPO_modulo_pred[where Pred="λ(P, Q). 
Pred P ⟶ Pred Q"] by blast lemma (in encoding) enc_reflects_pred_iff_indRelR_reflects_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_reflects_pred Pred = rel_reflects_pred indRelR Pred" using enc_satisfies_pred_iff_indRelR_satisfies_pred[where Pred="λ(P, Q). Pred Q ⟶ Pred P"] by blast lemma (in encoding) enc_reflects_binary_pred_iff_indRelR_reflects_binary_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ 'b ⇒ bool" shows "enc_reflects_binary_pred Pred = rel_reflects_binary_pred indRelR Pred" using enc_satisfies_binary_pred_iff_indRelR_satisfies_binary_pred[where Pred="λ(P, Q) a. Pred Q a ⟶ Pred P a"] by blast lemma (in encoding) enc_reflects_pred_iff_indRelRPO_reflects_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_reflects_pred Pred = rel_reflects_pred indRelRPO Pred" using enc_reflects_pred_iff_indRelR_reflects_pred[where Pred="Pred"] indRelR_modulo_pred_impl_indRelRPO_modulo_pred[where Pred="λ(P, Q). Pred Q ⟶ Pred P"] by blast lemma (in encoding) enc_respects_pred_iff_indRelR_respects_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_respects_pred Pred = rel_respects_pred indRelR Pred" using enc_preserves_pred_iff_indRelR_preserves_pred[where Pred="Pred"] enc_reflects_pred_iff_indRelR_reflects_pred[where Pred="Pred"] by blast lemma (in encoding) enc_respects_binary_pred_iff_indRelR_respects_binary_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ 'b ⇒ bool" shows "enc_respects_binary_pred Pred = rel_respects_binary_pred indRelR Pred" using enc_preserves_binary_pred_iff_indRelR_preserves_binary_pred[where Pred="Pred"] enc_reflects_binary_pred_iff_indRelR_reflects_binary_pred[where Pred="Pred"] by blast lemma (in encoding) enc_respects_pred_iff_indRelRPO_respects_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_respects_pred Pred = rel_respects_pred indRelRPO Pred" using enc_respects_pred_iff_indRelR_respects_pred[where Pred="Pred"] indRelR_modulo_pred_impl_indRelRPO_modulo_pred[where Pred="λ(P, Q). 
Pred Q = Pred P"] apply simp by blast text ‹Accordingly an encoding preserves, reflects, or respects a predicate iff there exists a relation that relates source terms with their literal translations and preserves, reflects, or respects this predicate.› lemma (in encoding) enc_satisfies_pred_iff_source_target_satisfies_pred: fixes Pred :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) ⇒ bool" shows "(∀S. Pred (SourceTerm S, TargetTerm (⟦S⟧))) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀(P, Q) ∈ Rel. Pred (P, Q)))" and "⟦∀P Q R. Pred (P, Q) ∧ Pred (Q, R) ⟶ Pred (P, R); ∀P. Pred (P, P)⟧ ⟹ (∀S. Pred (SourceTerm S, TargetTerm (⟦S⟧))) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀(P, Q) ∈ Rel. Pred (P, Q)) ∧ preorder Rel)" proof - show "(∀S. Pred (SourceTerm S, TargetTerm (⟦S⟧))) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀(P, Q) ∈ Rel. Pred (P, Q)))" using enc_satisfies_pred_iff_indRelR_satisfies_pred[where Pred="Pred"] indRelR_iff_exists_source_target_relation[where Pred="Pred"] by simp next have "(∀S. Pred (SourceTerm S, TargetTerm (⟦S⟧))) = (∀(P, Q) ∈ indRelR. Pred (P, Q))" using enc_satisfies_pred_iff_indRelR_satisfies_pred[where Pred="Pred"] by simp moreover assume "∀P Q R. Pred (P, Q) ∧ Pred (Q, R) ⟶ Pred (P, R)" and "∀P. Pred (P, P)" hence "(∀(P, Q) ∈ indRelR. Pred (P, Q)) = (∀(P, Q) ∈ indRelRPO. Pred (P, Q))" using indRelR_modulo_pred_impl_indRelRPO_modulo_pred[where Pred="Pred"] by blast ultimately show "(∀S. Pred (SourceTerm S, TargetTerm (⟦S⟧))) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀(P, Q) ∈ Rel. Pred (P, Q)) ∧ preorder Rel)" using indRelRPO_iff_exists_source_target_relation[where Pred="Pred"] by simp qed lemma (in encoding) enc_preserves_pred_iff_source_target_rel_preserves_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_preserves_pred Pred = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_preserves_pred Rel Pred)" and "enc_preserves_pred Pred = (∃Rel. (∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_preserves_pred Rel Pred ∧ preorder Rel)" proof - have A1: "enc_preserves_pred Pred = (∀S. (λ(P, Q). Pred P ⟶ Pred Q) (SourceTerm S, TargetTerm (⟦S⟧)))" by blast moreover have A2: "⋀Rel. rel_preserves_pred Rel Pred = (∀(P, Q) ∈ Rel. (λ(P, Q). Pred P ⟶ Pred Q) (P, Q))" by blast ultimately show "enc_preserves_pred Pred = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_preserves_pred Rel Pred)" using enc_satisfies_pred_iff_source_target_satisfies_pred(1)[where Pred="λ(P, Q). Pred P ⟶ Pred Q"] by simp from A1 A2 show "enc_preserves_pred Pred = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_preserves_pred Rel Pred ∧ preorder Rel)" using enc_satisfies_pred_iff_source_target_satisfies_pred(2)[where Pred="λ(P, Q). Pred P ⟶ Pred Q"] by simp qed lemma (in encoding) enc_preserves_binary_pred_iff_source_target_rel_preserves_binary_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ 'b ⇒ bool" shows "enc_preserves_binary_pred Pred = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_preserves_binary_pred Rel Pred)" proof - have "enc_preserves_binary_pred Pred = (∀S. (λ(P, Q). ∀a. Pred P a ⟶ Pred Q a) (SourceTerm S, TargetTerm (⟦S⟧)))" by blast moreover have "⋀Rel. rel_preserves_binary_pred Rel Pred = (∀(P, Q) ∈ Rel. (λ(P, Q). ∀a. Pred P a ⟶ Pred Q a) (P, Q))" by blast ultimately show "enc_preserves_binary_pred Pred = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_preserves_binary_pred Rel Pred)" using enc_satisfies_pred_iff_source_target_satisfies_pred(1)[where Pred="λ(P, Q). ∀a. Pred P a ⟶ Pred Q a"] by simp qed lemma (in encoding) enc_reflects_pred_iff_source_target_rel_reflects_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_reflects_pred Pred = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_reflects_pred Rel Pred)" and "enc_reflects_pred Pred = (∃Rel. (∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_reflects_pred Rel Pred ∧ preorder Rel)" proof - have A1: "enc_reflects_pred Pred = (∀S. (λ(P, Q). Pred Q ⟶ Pred P) (SourceTerm S, TargetTerm (⟦S⟧)))" by blast moreover have A2: "⋀Rel. rel_reflects_pred Rel Pred = (∀(P, Q) ∈ Rel. (λ(P, Q). Pred Q ⟶ Pred P) (P, Q))" by blast ultimately show "enc_reflects_pred Pred = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_reflects_pred Rel Pred)" using enc_satisfies_pred_iff_source_target_satisfies_pred(1)[where Pred="λ(P, Q). Pred Q ⟶ Pred P"] by simp from A1 A2 show "enc_reflects_pred Pred = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_reflects_pred Rel Pred ∧ preorder Rel)" using enc_satisfies_pred_iff_source_target_satisfies_pred(2)[where Pred="λ(P, Q). Pred Q ⟶ Pred P"] by simp qed lemma (in encoding) enc_reflects_binary_pred_iff_source_target_rel_reflects_binary_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ 'b ⇒ bool" shows "enc_reflects_binary_pred Pred = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_reflects_binary_pred Rel Pred)" proof - have "enc_reflects_binary_pred Pred = (∀S. (λ(P, Q). ∀a. Pred Q a ⟶ Pred P a) (SourceTerm S, TargetTerm (⟦S⟧)))" by blast moreover have "⋀Rel. rel_reflects_binary_pred Rel Pred = (∀(P, Q) ∈ Rel. (λ(P, Q). ∀a. Pred Q a ⟶ Pred P a) (P, Q))" by blast ultimately show "enc_reflects_binary_pred Pred = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_reflects_binary_pred Rel Pred)" using enc_satisfies_pred_iff_source_target_satisfies_pred(1)[where Pred="λ(P, Q). ∀a. Pred Q a ⟶ Pred P a"] by simp qed lemma (in encoding) enc_respects_pred_iff_source_target_rel_respects_pred_encR: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_respects_pred Pred = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_pred Rel Pred)" and "enc_respects_pred Pred = (∃Rel. (∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_pred Rel Pred ∧ preorder Rel)" proof - have A1: "enc_respects_pred Pred = (∀S. (λ(P, Q). Pred P = Pred Q) (SourceTerm S, TargetTerm (⟦S⟧)))" by blast moreover have A2: "⋀Rel. rel_respects_pred Rel Pred = (∀(P, Q) ∈ Rel. (λ(P, Q). Pred P = Pred Q) (P, Q))" by blast ultimately show "enc_respects_pred Pred = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_pred Rel Pred)" using enc_satisfies_pred_iff_source_target_satisfies_pred(1)[where Pred="λ(P, Q). Pred P = Pred Q"] by simp from A1 A2 show "enc_respects_pred Pred = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_pred Rel Pred ∧ preorder Rel)" using enc_satisfies_pred_iff_source_target_satisfies_pred(2)[where Pred="λ(P, Q). Pred P = Pred Q"] by simp qed lemma (in encoding) enc_respects_binary_pred_iff_source_target_rel_respects_binary_pred_encR: fixes Pred :: "('procS, 'procT) Proc ⇒ 'b ⇒ bool" shows "enc_respects_binary_pred Pred = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_binary_pred Rel Pred)" proof - have "enc_respects_binary_pred Pred = (∀S. (λ(P, Q). ∀a. Pred P a = Pred Q a) (SourceTerm S, TargetTerm (⟦S⟧)))" by blast moreover have "⋀Rel. rel_respects_binary_pred Rel Pred = (∀(P, Q) ∈ Rel. (λ(P, Q). ∀a. Pred P a = Pred Q a) (P, Q))" by blast ultimately show "enc_respects_binary_pred Pred = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_binary_pred Rel Pred)" using enc_satisfies_pred_iff_source_target_satisfies_pred(1)[where Pred="λ(P, Q). ∀a. 
Pred P a = Pred Q a"] by simp qed text ‹To analyse the reflection of source term behaviours we use relations that contain the pairs (enc S, S) for all source terms S.› inductive_set (in encoding) indRelL :: "((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set" where encL: "(TargetTerm (⟦S⟧), SourceTerm S) ∈ indRelL" abbreviation (in encoding) indRelLinfix :: "('procS, 'procT) Proc ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ℛ⟦⋅⟧L _" [75, 75] 80) where "P ℛ⟦⋅⟧L Q ≡ (P, Q) ∈ indRelL" inductive_set (in encoding) indRelLPO :: "((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set" where encL: "(TargetTerm (⟦S⟧), SourceTerm S) ∈ indRelLPO" | source: "(SourceTerm S, SourceTerm S) ∈ indRelLPO" | target: "(TargetTerm T, TargetTerm T) ∈ indRelLPO" | trans: "⟦(P, Q) ∈ indRelLPO; (Q, R) ∈ indRelLPO⟧ ⟹ (P, R) ∈ indRelLPO" abbreviation (in encoding) indRelLPOinfix :: "('procS, 'procT) Proc ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ≲⟦⋅⟧L _" [75, 75] 80) where "P ≲⟦⋅⟧L Q ≡ (P, Q) ∈ indRelLPO" lemma (in encoding) indRelLPO_refl: shows "refl indRelLPO" unfolding refl_on_def proof auto fix P show "P ≲⟦⋅⟧L P" proof (cases P) case (SourceTerm SP) assume "SP ∈S P" thus "P ≲⟦⋅⟧L P" by (simp add: indRelLPO.source) next case (TargetTerm TP) assume "TP ∈T P" thus "P ≲⟦⋅⟧L P" by (simp add: indRelLPO.target) qed qed lemma (in encoding) indRelLPO_is_preorder: shows "preorder indRelLPO" unfolding preorder_on_def proof show "refl indRelLPO" by (rule indRelLPO_refl) next show "trans indRelLPO" unfolding trans_def proof clarify fix P Q R assume "P ≲⟦⋅⟧L Q" and "Q ≲⟦⋅⟧L R" thus "P ≲⟦⋅⟧L R" by (rule indRelLPO.trans) qed qed lemma (in encoding) refl_trans_closure_of_indRelL: shows "indRelLPO = indRelL⇧*" proof auto fix P Q assume "P ≲⟦⋅⟧L Q" thus "(P, Q) ∈ indRelL⇧*" proof induct case (encL S) show "(TargetTerm (⟦S⟧), SourceTerm S) ∈ indRelL⇧*" using indRelL.encL[of S] by simp next case (source S) show "(SourceTerm S, SourceTerm S) ∈ indRelL⇧*" by simp next case (target T) show "(TargetTerm T, TargetTerm T) 
∈ indRelL⇧*" by simp next case (trans P Q R) assume "(P, Q) ∈ indRelL⇧*" and "(Q, R) ∈ indRelL⇧*" thus "(P, R) ∈ indRelL⇧*" by simp qed next fix P Q assume "(P, Q) ∈ indRelL⇧*" thus "P ≲⟦⋅⟧L Q" proof induct show "P ≲⟦⋅⟧L P" using indRelLPO_refl unfolding refl_on_def by simp next case (step Q R) assume "P ≲⟦⋅⟧L Q" moreover assume "Q ℛ⟦⋅⟧L R" hence "Q ≲⟦⋅⟧L R" by (induct, simp add: indRelLPO.encL) ultimately show "P ≲⟦⋅⟧L R" by (simp add: indRelLPO.trans[of P Q R]) qed qed text ‹The relations indRelR and indRelL are dual. indRelR preserves some predicate iff indRelL reflects it. indRelR reflects some predicate iff indRelL preserves it. indRelR respects some predicate iff indRelL does.› lemma (in encoding) indRelR_preserves_pred_iff_indRelL_reflects_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "rel_preserves_pred indRelR Pred = rel_reflects_pred indRelL Pred" proof assume preservation: "rel_preserves_pred indRelR Pred" show "rel_reflects_pred indRelL Pred" proof clarify fix P Q assume "P ℛ⟦⋅⟧L Q" from this obtain S where "S ∈S Q" and "⟦S⟧ ∈T P" by (induct, blast) hence "Q ℛ⟦⋅⟧R P" by (simp add: indRelR.encR) moreover assume "Pred Q" ultimately show "Pred P" using preservation by blast qed next assume reflection: "rel_reflects_pred indRelL Pred" show "rel_preserves_pred indRelR Pred" proof clarify fix P Q assume "P ℛ⟦⋅⟧R Q" from this obtain S where "S ∈S P" and "⟦S⟧ ∈T Q" by (induct, blast) hence "Q ℛ⟦⋅⟧L P" by (simp add: indRelL.encL) moreover assume "Pred P" ultimately show "Pred Q" using reflection by blast qed qed lemma (in encoding) indRelR_preserves_binary_pred_iff_indRelL_reflects_binary_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ 'b ⇒ bool" shows "rel_preserves_binary_pred indRelR Pred = rel_reflects_binary_pred indRelL Pred" proof assume preservation: "rel_preserves_binary_pred indRelR Pred" show "rel_reflects_binary_pred indRelL Pred" proof clarify fix P Q x assume "P ℛ⟦⋅⟧L Q" from this obtain S where "S ∈S Q" and "⟦S⟧ ∈T P" by (induct, blast) 
hence "Q ℛ⟦⋅⟧R P" by (simp add: indRelR.encR) moreover assume "Pred Q x" ultimately show "Pred P x" using preservation by blast qed next assume reflection: "rel_reflects_binary_pred indRelL Pred" show "rel_preserves_binary_pred indRelR Pred" proof clarify fix P Q x assume "P ℛ⟦⋅⟧R Q" from this obtain S where "S ∈S P" and "⟦S⟧ ∈T Q" by (induct, blast) hence "Q ℛ⟦⋅⟧L P" by (simp add: indRelL.encL) moreover assume "Pred P x" ultimately show "Pred Q x" using reflection by blast qed qed lemma (in encoding) indRelR_reflects_pred_iff_indRelL_preserves_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "rel_reflects_pred indRelR Pred = rel_preserves_pred indRelL Pred" proof assume reflection: "rel_reflects_pred indRelR Pred" show "rel_preserves_pred indRelL Pred" proof clarify fix P Q assume "P ℛ⟦⋅⟧L Q" from this obtain S where "S ∈S Q" and "⟦S⟧ ∈T P" by (induct, blast) hence "Q ℛ⟦⋅⟧R P" by (simp add: indRelR.encR) moreover assume "Pred P" ultimately show "Pred Q" using reflection by blast qed next assume preservation: "rel_preserves_pred indRelL Pred" show "rel_reflects_pred indRelR Pred" proof clarify fix P Q assume "P ℛ⟦⋅⟧R Q" from this obtain S where "S ∈S P" and "⟦S⟧ ∈T Q" by (induct, blast) hence "Q ℛ⟦⋅⟧L P" by (simp add: indRelL.encL) moreover assume "Pred Q" ultimately show "Pred P" using preservation by blast qed qed lemma (in encoding) indRelR_reflects_binary_pred_iff_indRelL_preserves_binary_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ 'b ⇒ bool" shows "rel_reflects_binary_pred indRelR Pred = rel_preserves_binary_pred indRelL Pred" proof assume reflection: "rel_reflects_binary_pred indRelR Pred" show "rel_preserves_binary_pred indRelL Pred" proof clarify fix P Q x assume "P ℛ⟦⋅⟧L Q" from this obtain S where "S ∈S Q" and "⟦S⟧ ∈T P" by (induct, blast) hence "Q ℛ⟦⋅⟧R P" by (simp add: indRelR.encR) moreover assume "Pred P x" ultimately show "Pred Q x" using reflection by blast qed next assume preservation: "rel_preserves_binary_pred indRelL Pred" show 
"rel_reflects_binary_pred indRelR Pred" proof clarify fix P Q x assume "P ℛ⟦⋅⟧R Q" from this obtain S where "S ∈S P" and "⟦S⟧ ∈T Q" by (induct, blast) hence "Q ℛ⟦⋅⟧L P" by (simp add: indRelL.encL) moreover assume "Pred Q x" ultimately show "Pred P x" using preservation by blast qed qed lemma (in encoding) indRelR_respects_pred_iff_indRelL_respects_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "rel_respects_pred indRelR Pred = rel_respects_pred indRelL Pred" using indRelR_preserves_pred_iff_indRelL_reflects_pred[where Pred="Pred"] indRelR_reflects_pred_iff_indRelL_preserves_pred[where Pred="Pred"] by blast lemma (in encoding) indRelR_respects_binary_pred_iff_indRelL_respects_binary_pred: fixes Pred :: "('procS, 'procT) Proc ⇒'b ⇒ bool" shows "rel_respects_binary_pred indRelR Pred = rel_respects_binary_pred indRelL Pred" using indRelR_preserves_binary_pred_iff_indRelL_reflects_binary_pred[where Pred="Pred"] indRelR_reflects_binary_pred_iff_indRelL_preserves_binary_pred[where Pred="Pred"] by blast lemma (in encoding) indRelR_cond_preservation_iff_indRelL_cond_reflection: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "(∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_preserves_pred Rel Pred) = (∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_reflects_pred Rel Pred)" proof assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_preserves_pred Rel Pred" then obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "rel_preserves_pred Rel Pred" by blast from A1 have "∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel¯" by simp moreover from A2 have "rel_reflects_pred (Rel¯) Pred" by simp ultimately show "∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_reflects_pred Rel Pred" by blast next assume "∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_reflects_pred Rel Pred" then obtain Rel where B1: "∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" and B2: "rel_reflects_pred Rel Pred" by blast from B1 have "∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel¯" by simp moreover from B2 have "rel_preserves_pred (Rel¯) Pred" by blast ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_preserves_pred Rel Pred" by blast qed lemma (in encoding) indRelR_cond_binary_preservation_iff_indRelL_cond_binary_reflection: fixes Pred :: "('procS, 'procT) Proc ⇒ 'b ⇒ bool" shows "(∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_preserves_binary_pred Rel Pred) = (∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_reflects_binary_pred Rel Pred)" proof assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_preserves_binary_pred Rel Pred" then obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "rel_preserves_binary_pred Rel Pred" by blast from A1 have "∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel¯" by simp moreover from A2 have "rel_reflects_binary_pred (Rel¯) Pred" by simp ultimately show "∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_reflects_binary_pred Rel Pred" by blast next assume "∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_reflects_binary_pred Rel Pred" then obtain Rel where B1: "∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" and B2: "rel_reflects_binary_pred Rel Pred" by blast from B1 have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel¯" by simp moreover from B2 have "rel_preserves_binary_pred (Rel¯) Pred" by simp ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_preserves_binary_pred Rel Pred" by blast qed lemma (in encoding) indRelR_cond_reflection_iff_indRelL_cond_preservation: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "(∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_reflects_pred Rel Pred) = (∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_preserves_pred Rel Pred)" proof assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_reflects_pred Rel Pred" then obtain Rel where A1: "∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "rel_reflects_pred Rel Pred" by blast from A1 have "∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel¯" by simp moreover from A2 have "rel_preserves_pred (Rel¯) Pred" by blast ultimately show "∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_preserves_pred Rel Pred" by blast next assume "∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_preserves_pred Rel Pred" then obtain Rel where B1: "∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" and B2: "rel_preserves_pred Rel Pred" by blast from B1 have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel¯" by simp moreover from B2 have "rel_reflects_pred (Rel¯) Pred" by simp ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_reflects_pred Rel Pred" by blast qed lemma (in encoding) indRelR_cond_binary_reflection_iff_indRelL_cond_binary_preservation: fixes Pred :: "('procS, 'procT) Proc ⇒ 'b ⇒ bool" shows "(∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_reflects_binary_pred Rel Pred) = (∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_preserves_binary_pred Rel Pred)" proof assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_reflects_binary_pred Rel Pred" then obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "rel_reflects_binary_pred Rel Pred" by blast from A1 have "∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel¯" by simp moreover from A2 have "rel_preserves_binary_pred (Rel¯) Pred" by blast ultimately show "∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_preserves_binary_pred Rel Pred" by blast next assume "∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_preserves_binary_pred Rel Pred" then obtain Rel where B1: "∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" and B2: "rel_preserves_binary_pred Rel Pred" by blast from B1 have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel¯" by simp moreover from B2 have "rel_reflects_binary_pred (Rel¯) Pred" by simp ultimately show "∃Rel. (∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_reflects_binary_pred Rel Pred" by blast qed lemma (in encoding) indRelR_cond_respection_iff_indRelL_cond_respection: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "(∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_pred Rel Pred) = (∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_respects_pred Rel Pred)" proof assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_pred Rel Pred" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "rel_respects_pred Rel Pred" by blast from A1 have "∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ {(a, b). (b, a) ∈ Rel}" by simp moreover from A2 have "rel_respects_pred {(a, b). (b, a) ∈ Rel} Pred" by blast ultimately show "∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_respects_pred Rel Pred" by blast next assume "∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_respects_pred Rel Pred" from this obtain Rel where A1: "∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" and A2: "rel_respects_pred Rel Pred" by blast from A1 have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ {(a, b). (b, a) ∈ Rel}" by simp moreover from A2 have "rel_respects_pred {(a, b). (b, a) ∈ Rel} Pred" by blast ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_pred Rel Pred" by blast qed lemma (in encoding) indRelR_cond_binary_respection_iff_indRelL_cond_binary_respection: fixes Pred :: "('procS, 'procT) Proc ⇒ 'b ⇒ bool" shows "(∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_binary_pred Rel Pred) = (∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_respects_binary_pred Rel Pred)" proof assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_binary_pred Rel Pred" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "rel_respects_binary_pred Rel Pred" by blast from A1 have "∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ {(a, b). 
(b, a) ∈ Rel}" by simp moreover from A2 have "rel_respects_binary_pred {(a, b). (b, a) ∈ Rel} Pred" by blast ultimately show "∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_respects_binary_pred Rel Pred" by blast next assume "∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_respects_binary_pred Rel Pred" from this obtain Rel where A1: "∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" and A2: "rel_respects_binary_pred Rel Pred" by blast from A1 have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ {(a, b). (b, a) ∈ Rel}" by simp moreover from A2 have "rel_respects_binary_pred {(a, b). (b, a) ∈ Rel} Pred" by blast ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_binary_pred Rel Pred" by blast qed text ‹An encoding preserves, reflects, or respects a predicate iff indRelL reflects, preserves, or respects this predicate.› lemma (in encoding) enc_preserves_pred_iff_indRelL_reflects_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_preserves_pred Pred = rel_reflects_pred indRelL Pred" using enc_preserves_pred_iff_indRelR_preserves_pred[where Pred="Pred"] indRelR_preserves_pred_iff_indRelL_reflects_pred[where Pred="Pred"] by blast lemma (in encoding) enc_reflects_pred_iff_indRelL_preserves_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_reflects_pred Pred = rel_preserves_pred indRelL Pred" using enc_reflects_pred_iff_indRelR_reflects_pred[where Pred="Pred"] indRelR_reflects_pred_iff_indRelL_preserves_pred[where Pred="Pred"] by blast lemma (in encoding) enc_respects_pred_iff_indRelL_respects_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_respects_pred Pred = rel_respects_pred indRelL Pred" using enc_preserves_pred_iff_indRelL_reflects_pred[where Pred="Pred"] enc_reflects_pred_iff_indRelL_preserves_pred[where Pred="Pred"] by blast text ‹An encoding preserves, reflects, or respects a predicate iff there exists a relation, namely indRelL, that relates literal translations with their source terms and 
reflects, preserves, or respects this predicate.› lemma (in encoding) enc_preserves_pred_iff_source_target_rel_reflects_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_preserves_pred Pred = (∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_reflects_pred Rel Pred)" using enc_preserves_pred_iff_source_target_rel_preserves_pred[where Pred="Pred"] indRelR_cond_preservation_iff_indRelL_cond_reflection[where Pred="Pred"] by simp lemma (in encoding) enc_reflects_pred_iff_source_target_rel_preserves_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_reflects_pred Pred = (∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_preserves_pred Rel Pred)" using enc_reflects_pred_iff_source_target_rel_reflects_pred[where Pred="Pred"] indRelR_cond_reflection_iff_indRelL_cond_preservation[where Pred="Pred"] by simp lemma (in encoding) enc_respects_pred_iff_source_target_rel_respects_pred_encL: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_respects_pred Pred = (∃Rel. (∀S. 
(TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_respects_pred Rel Pred)" using enc_respects_pred_iff_source_target_rel_respects_pred_encR[where Pred="Pred"] indRelR_cond_respection_iff_indRelL_cond_respection[where Pred="Pred"] by simp text ‹To analyse the respection of source term behaviours we use relations that contain both kinds of pairs: (S, enc S) as well as (enc S, S) for all source terms S.› inductive_set (in encoding) indRel :: "((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set" where encR: "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRel" | encL: "(TargetTerm (⟦S⟧), SourceTerm S) ∈ indRel" abbreviation (in encoding) indRelInfix :: "('procS, 'procT) Proc ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ℛ⟦⋅⟧ _" [75, 75] 80) where "P ℛ⟦⋅⟧ Q ≡ (P, Q) ∈ indRel" lemma (in encoding) indRel_symm: shows "sym indRel" unfolding sym_def by (auto simp add: indRel.simps indRel.encR indRel.encL) inductive_set (in encoding) indRelEQ :: "((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set" where encR: "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelEQ" | encL: "(TargetTerm (⟦S⟧), SourceTerm S) ∈ indRelEQ" | target: "(TargetTerm T, TargetTerm T) ∈ indRelEQ" | trans: "⟦(P, Q) ∈ indRelEQ; (Q, R) ∈ indRelEQ⟧ ⟹ (P, R) ∈ indRelEQ" abbreviation (in encoding) indRelEQinfix :: "('procS, 'procT) Proc ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ∼⟦⋅⟧ _" [75, 75] 80) where "P ∼⟦⋅⟧ Q ≡ (P, Q) ∈ indRelEQ" lemma (in encoding) indRelEQ_refl: shows "refl indRelEQ" unfolding refl_on_def proof auto fix P show "P ∼⟦⋅⟧ P" proof (cases P) case (SourceTerm SP) assume "SP ∈S P" moreover have "SourceTerm SP ∼⟦⋅⟧ TargetTerm (⟦SP⟧)" by (rule indRelEQ.encR) moreover have "TargetTerm (⟦SP⟧) ∼⟦⋅⟧ SourceTerm SP" by (rule indRelEQ.encL) ultimately show "P ∼⟦⋅⟧ P" by (simp add: indRelEQ.trans[where P="SourceTerm SP" and Q="TargetTerm (⟦SP⟧)"]) next case (TargetTerm TP) assume "TP ∈T P" thus "P ∼⟦⋅⟧ P" by (simp add: indRelEQ.target) qed qed lemma (in encoding) indRelEQ_is_preorder: shows "preorder indRelEQ" unfolding 
preorder_on_def proof show "refl indRelEQ" by (rule indRelEQ_refl) next show "trans indRelEQ" unfolding trans_def proof clarify fix P Q R assume "P ∼⟦⋅⟧ Q" and "Q ∼⟦⋅⟧ R" thus "P ∼⟦⋅⟧ R" by (rule indRelEQ.trans) qed qed lemma (in encoding) indRelEQ_symm: shows "sym indRelEQ" unfolding sym_def proof clarify fix P Q assume "P ∼⟦⋅⟧ Q" thus "Q ∼⟦⋅⟧ P" proof induct case (encR S) show "TargetTerm (⟦S⟧) ∼⟦⋅⟧ SourceTerm S" by (rule indRelEQ.encL) next case (encL S) show "SourceTerm S ∼⟦⋅⟧ TargetTerm (⟦S⟧)" by (rule indRelEQ.encR) next case (target T) show "TargetTerm T ∼⟦⋅⟧ TargetTerm T" by (rule indRelEQ.target) next case (trans P Q R) assume "R ∼⟦⋅⟧ Q" and "Q ∼⟦⋅⟧ P" thus "R ∼⟦⋅⟧ P" by (rule indRelEQ.trans) qed qed lemma (in encoding) indRelEQ_is_equivalence: shows "equivalence indRelEQ" using indRelEQ_is_preorder indRelEQ_symm unfolding equiv_def preorder_on_def by blast lemma (in encoding) refl_trans_closure_of_indRel: shows "indRelEQ = indRel⇧*" proof auto fix P Q assume "P ∼⟦⋅⟧ Q" thus "(P, Q) ∈ indRel⇧*" proof induct case (encR S) show "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRel⇧*" using indRel.encR[of S] by simp next case (encL S) show "(TargetTerm (⟦S⟧), SourceTerm S) ∈ indRel⇧*" using indRel.encL[of S] by simp next case (target T) show "(TargetTerm T, TargetTerm T) ∈ indRel⇧*" by simp next case (trans P Q R) assume "(P, Q) ∈ indRel⇧*" and "(Q, R) ∈ indRel⇧*" thus "(P, R) ∈ indRel⇧*" by simp qed next fix P Q assume "(P, Q) ∈ indRel⇧*" thus "P ∼⟦⋅⟧ Q" proof induct show "P ∼⟦⋅⟧ P" using indRelEQ_refl unfolding refl_on_def by simp next case (step Q R) assume "P ∼⟦⋅⟧ Q" moreover assume "Q ℛ⟦⋅⟧ R" hence "Q ∼⟦⋅⟧ R" by (induct, simp_all add: indRelEQ.encR indRelEQ.encL) ultimately show "P ∼⟦⋅⟧ R" by (rule indRelEQ.trans) qed qed lemma (in encoding) refl_symm_trans_closure_of_indRel: shows "indRelEQ = (symcl (indRel⇧=))⇧+" proof - have "(symcl (indRel⇧=))⇧+ = (symcl indRel)⇧*" by (rule refl_symm_trans_closure_is_symm_refl_trans_closure[where Rel="indRel"]) moreover have 
"symcl indRel = indRel" by (simp add: indRel_symm symm_closure_of_symm_rel[where Rel="indRel"]) ultimately show "indRelEQ = (symcl (indRel⇧=))⇧+" by (simp add: refl_trans_closure_of_indRel) qed lemma (in encoding) symm_closure_of_indRelR: shows "indRel = symcl indRelR" and "indRelEQ = (symcl (indRelR⇧=))⇧+" proof - show "indRel = symcl indRelR" proof auto fix P Q assume "P ℛ⟦⋅⟧ Q" thus "(P, Q) ∈ symcl indRelR" by (induct, simp_all add: symcl_def indRelR.encR) next fix P Q assume "(P, Q) ∈ symcl indRelR" thus "P ℛ⟦⋅⟧ Q" by (auto simp add: symcl_def indRelR.simps indRel.encR indRel.encL) qed thus "indRelEQ = (symcl (indRelR⇧=))⇧+" using refl_symm_trans_closure_is_symm_refl_trans_closure[where Rel="indRelR"] refl_trans_closure_of_indRel by simp qed lemma (in encoding) symm_closure_of_indRelL: shows "indRel = symcl indRelL" and "indRelEQ = (symcl (indRelL⇧=))⇧+" proof - show "indRel = symcl indRelL" proof auto fix P Q assume "P ℛ⟦⋅⟧ Q" thus "(P, Q) ∈ symcl indRelL" by (induct, simp_all add: symcl_def indRelL.encL) next fix P Q assume "(P, Q) ∈ symcl indRelL" thus "P ℛ⟦⋅⟧ Q" by (auto simp add: symcl_def indRelL.simps indRel.encR indRel.encL) qed thus "indRelEQ = (symcl (indRelL⇧=))⇧+" using refl_symm_trans_closure_is_symm_refl_trans_closure[where Rel="indRelL"] refl_trans_closure_of_indRel by simp qed text ‹The relation indRel is a combination of indRelL and indRelR. 
indRel respects a predicate iff indRelR (or indRelL) respects it.› lemma (in encoding) indRel_respects_pred_iff_indRelR_respects_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "rel_respects_pred indRel Pred = rel_respects_pred indRelR Pred" proof assume respection: "rel_respects_pred indRel Pred" show "rel_respects_pred indRelR Pred" proof auto fix P Q assume "P ℛ⟦⋅⟧R Q" from this obtain S where "S ∈S P" and "⟦S⟧ ∈T Q" by (induct, blast) hence "P ℛ⟦⋅⟧ Q" by (simp add: indRel.encR) moreover assume "Pred P" ultimately show "Pred Q" using respection by blast next fix P Q assume "P ℛ⟦⋅⟧R Q" from this obtain S where "S ∈S P" and "⟦S⟧ ∈T Q" by (induct, blast) hence "P ℛ⟦⋅⟧ Q" by (simp add: indRel.encR) moreover assume "Pred Q" ultimately show "Pred P" using respection by blast qed next assume "rel_respects_pred indRelR Pred" thus "rel_respects_pred indRel Pred" using symm_closure_of_indRelR(1) respection_and_closures(2)[where Rel="indRelR" and Pred="Pred"] by blast qed lemma (in encoding) indRel_respects_binary_pred_iff_indRelR_respects_binary_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ 'b ⇒ bool" shows "rel_respects_binary_pred indRel Pred = rel_respects_binary_pred indRelR Pred" proof assume respection: "rel_respects_binary_pred indRel Pred" show "rel_respects_binary_pred indRelR Pred" proof auto fix P Q x assume "P ℛ⟦⋅⟧R Q" from this obtain S where "S ∈S P" and "⟦S⟧ ∈T Q" by (induct, blast) hence "P ℛ⟦⋅⟧ Q" by (simp add: indRel.encR) moreover assume "Pred P x" ultimately show "Pred Q x" using respection by blast next fix P Q x assume "P ℛ⟦⋅⟧R Q" from this obtain S where "S ∈S P" and "⟦S⟧ ∈T Q" by (induct, blast) hence "P ℛ⟦⋅⟧ Q" by (simp add: indRel.encR) moreover assume "Pred Q x" ultimately show "Pred P x" using respection by blast qed next assume "rel_respects_binary_pred indRelR Pred" thus "rel_respects_binary_pred indRel Pred" using symm_closure_of_indRelR(1) respection_of_binary_predicates_and_closures(2)[where Rel="indRelR" and Pred="Pred"] by blast 
qed lemma (in encoding) indRel_cond_respection_iff_indRelR_cond_respection: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "(∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_respects_pred Rel Pred) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_pred Rel Pred)" proof assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_respects_pred Rel Pred" from this obtain Rel where "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" and "rel_respects_pred Rel Pred" by blast thus "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_pred Rel Pred" by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_pred Rel Pred" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "rel_respects_pred Rel Pred" by blast from A1 have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ symcl Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ symcl Rel" by (simp add: symcl_def) moreover from A2 have "rel_respects_pred (symcl Rel) Pred" using respection_and_closures(2)[where Rel="Rel" and Pred="Pred"] by blast ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_respects_pred Rel Pred" by blast qed lemma (in encoding) indRel_cond_binary_respection_iff_indRelR_cond_binary_respection: fixes Pred :: "('procS, 'procT) Proc ⇒ 'b ⇒ bool" shows "(∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_respects_binary_pred Rel Pred) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_binary_pred Rel Pred)" proof assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_respects_binary_pred Rel Pred" from this obtain Rel where "∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" and "rel_respects_binary_pred Rel Pred" by blast thus "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_binary_pred Rel Pred" by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_binary_pred Rel Pred" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "rel_respects_binary_pred Rel Pred" by blast from A1 have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ symcl Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ symcl Rel" by (simp add: symcl_def) moreover from A2 have "rel_respects_binary_pred (symcl Rel) Pred" using respection_of_binary_predicates_and_closures(2)[where Rel="Rel" and Pred="Pred"] by blast ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_respects_binary_pred Rel Pred" by blast qed text ‹An encoding respects a predicate iff indRel respects this predicate.› lemma (in encoding) enc_respects_pred_iff_indRel_respects_pred: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_respects_pred Pred = rel_respects_pred indRel Pred" using enc_respects_pred_iff_indRelR_respects_pred[where Pred="Pred"] indRel_respects_pred_iff_indRelR_respects_pred[where Pred="Pred"] by simp text ‹An encoding respects a predicate iff there exists a relation, namely indRel, that relates source terms and their literal translations in both directions and respects this predicate. › lemma (in encoding) enc_respects_pred_iff_source_target_rel_respects_pred_encRL: fixes Pred :: "('procS, 'procT) Proc ⇒ bool" shows "enc_respects_pred Pred = (∃Rel. (∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ rel_respects_pred Rel Pred)" using enc_respects_pred_iff_source_target_rel_respects_pred_encR[where Pred="Pred"] indRel_cond_respection_iff_indRelR_cond_respection[where Pred="Pred"] by simp subsection ‹Relations Induced by the Encoding and a Relation on Target Terms› text ‹Some encodability criteria, e.g. operational correspondence, are defined w.r.t. a relation on target terms. To analyse such criteria we include the respective target term relation in the considered relation on the disjoint union of source and target terms.› inductive_set (in encoding) indRelRT :: "('procT × 'procT) set ⇒ ((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set" for TRel :: "('procT × 'procT) set" where encR: "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelRT TRel" | target: "(T1, T2) ∈ TRel ⟹ (TargetTerm T1, TargetTerm T2) ∈ indRelRT TRel" abbreviation (in encoding) indRelRTinfix :: "('procS, 'procT) Proc ⇒ ('procT × 'procT) set ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ℛ⟦⋅⟧RT<_> _" [75, 75, 75] 80) where "P ℛ⟦⋅⟧RT<TRel> Q ≡ (P, Q) ∈ indRelRT TRel" inductive_set (in encoding) indRelRTPO :: "('procT × 'procT) set ⇒ ((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set" for TRel :: "('procT × 'procT) set" where encR: "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelRTPO TRel" | source: "(SourceTerm S, SourceTerm S) ∈ indRelRTPO TRel" | target: "(T1, T2) ∈ TRel ⟹ (TargetTerm T1, TargetTerm T2) ∈ indRelRTPO TRel" | trans: "⟦(P, Q) ∈ indRelRTPO TRel; (Q, R) ∈ indRelRTPO TRel⟧ ⟹ (P, R) ∈ indRelRTPO TRel" abbreviation (in encoding) indRelRTPOinfix :: "('procS, 'procT) Proc ⇒ ('procT × 'procT) set ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ≲⟦⋅⟧RT<_> _" [75, 75, 75] 80) where "P ≲⟦⋅⟧RT<TRel> Q ≡ (P, Q) ∈ indRelRTPO TRel" lemma (in encoding) indRelRTPO_refl: fixes TRel :: "('procT × 'procT) set" assumes refl: "refl TRel" shows "refl (indRelRTPO TRel)" unfolding refl_on_def proof auto fix P show "P ≲⟦⋅⟧RT<TRel> P" proof (cases P) case 
(SourceTerm SP) assume "SP ∈S P" thus "P ≲⟦⋅⟧RT<TRel> P" by (simp add: indRelRTPO.source) next case (TargetTerm TP) assume "TP ∈T P" with refl show "P ≲⟦⋅⟧RT<TRel> P" unfolding refl_on_def by (simp add: indRelRTPO.target) qed qed lemma (in encoding) refl_trans_closure_of_indRelRT: fixes TRel :: "('procT × 'procT) set" assumes refl: "refl TRel" shows "indRelRTPO TRel = (indRelRT TRel)⇧*" proof auto fix P Q assume "P ≲⟦⋅⟧RT<TRel> Q" thus "(P, Q) ∈ (indRelRT TRel)⇧*" proof induct case (encR S) show "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ (indRelRT TRel)⇧*" using indRelRT.encR[of S TRel] by simp next case (source S) show "(SourceTerm S, SourceTerm S) ∈ (indRelRT TRel)⇧*" by simp next case (target T1 T2) assume "(T1, T2) ∈ TRel" thus "(TargetTerm T1, TargetTerm T2) ∈ (indRelRT TRel)⇧*" using indRelRT.target[of T1 T2 TRel] by simp next case (trans P Q R) assume "(P, Q) ∈ (indRelRT TRel)⇧*" and "(Q, R) ∈ (indRelRT TRel)⇧*" thus "(P, R) ∈ (indRelRT TRel)⇧*" by simp qed next fix P Q assume "(P, Q) ∈ (indRelRT TRel)⇧*" thus "P ≲⟦⋅⟧RT<TRel> Q" proof induct from refl show "P ≲⟦⋅⟧RT<TRel> P" using indRelRTPO_refl[of TRel] unfolding refl_on_def by simp next case (step Q R) assume "P ≲⟦⋅⟧RT<TRel> Q" moreover assume "Q ℛ⟦⋅⟧RT<TRel> R" hence "Q ≲⟦⋅⟧RT<TRel> R" by (induct, simp_all add: indRelRTPO.encR indRelRTPO.target) ultimately show "P ≲⟦⋅⟧RT<TRel> R" by (rule indRelRTPO.trans) qed qed lemma (in encoding) indRelRTPO_is_preorder: fixes TRel :: "('procT × 'procT) set" assumes reflT: "refl TRel" shows "preorder (indRelRTPO TRel)" unfolding preorder_on_def proof from reflT show "refl (indRelRTPO TRel)" by (rule indRelRTPO_refl) next show "trans (indRelRTPO TRel)" unfolding trans_def proof clarify fix P Q R assume "P ≲⟦⋅⟧RT<TRel> Q" and "Q ≲⟦⋅⟧RT<TRel> R" thus "P ≲⟦⋅⟧RT<TRel> R" using indRelRTPO.trans by blast qed qed lemma (in encoding) transitive_closure_of_TRel_to_indRelRTPO: fixes TRel :: "('procT × 'procT) set" and TP TQ :: "'procT" shows "(TP, TQ) ∈ TRel⇧+ ⟹ TargetTerm TP 
≲⟦⋅⟧RT<TRel> TargetTerm TQ" proof - assume "(TP, TQ) ∈ TRel⇧+" thus "TargetTerm TP ≲⟦⋅⟧RT<TRel> TargetTerm TQ" proof induct fix TQ assume "(TP, TQ) ∈ TRel" thus "TargetTerm TP ≲⟦⋅⟧RT<TRel> TargetTerm TQ" by (rule indRelRTPO.target) next case (step TQ TR) assume "TargetTerm TP ≲⟦⋅⟧RT<TRel> TargetTerm TQ" moreover assume "(TQ, TR) ∈ TRel" hence "TargetTerm TQ ≲⟦⋅⟧RT<TRel> TargetTerm TR" by (simp add: indRelRTPO.target) ultimately show "TargetTerm TP ≲⟦⋅⟧RT<TRel> TargetTerm TR" by (rule indRelRTPO.trans) qed qed text ‹The relation indRelRT is the smallest relation that relates all source terms and their literal translations and contains TRel. Thus there exists a relation that relates source terms and their literal translations and satisfies some predicate on its pairs iff the predicate holds for the pairs of indRelR.› lemma (in encoding) indRelR_modulo_pred_impl_indRelRT_modulo_pred: fixes Pred :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) ⇒ bool" shows "(∀(P, Q) ∈ indRelR. Pred (P, Q)) = (∀TRel. (∀(TP, TQ) ∈ TRel. Pred (TargetTerm TP, TargetTerm TQ)) ⟷ (∀(P, Q) ∈ indRelRT TRel. Pred (P, Q)))" proof (rule iffI) assume A: "∀(P, Q) ∈ indRelR. Pred (P, Q)" show "∀TRel. (∀(TP, TQ) ∈ TRel. Pred (TargetTerm TP, TargetTerm TQ)) = (∀(P, Q) ∈ indRelRT TRel. Pred (P, Q))" proof (rule allI, rule iffI) fix TRel assume "∀(TP, TQ) ∈ TRel. Pred (TargetTerm TP, TargetTerm TQ)" with A show "∀(P, Q) ∈ indRelRT TRel. Pred (P, Q)" by (auto simp add: indRelR.encR indRelRT.simps) next fix TRel assume "∀(P, Q) ∈ indRelRT TRel. Pred (P, Q)" thus "∀(TP, TQ) ∈ TRel. Pred (TargetTerm TP, TargetTerm TQ)" by (auto simp add: indRelRT.target) qed next assume "∀TRel. (∀(TP, TQ) ∈ TRel. Pred (TargetTerm TP, TargetTerm TQ)) ⟷ (∀(P, Q) ∈ indRelRT TRel. Pred (P, Q))" hence B: "⋀TRel. (∀(TP, TQ) ∈ TRel. Pred (TargetTerm TP, TargetTerm TQ)) ⟷ (∀(P, Q) ∈ indRelRT TRel. Pred (P, Q))" by blast have "⋀S. 
Pred (SourceTerm S, TargetTerm (⟦S⟧))" using B[of "{}"] by (simp add: indRelRT.simps) thus "∀(P, Q) ∈ indRelR. Pred (P, Q)" by (auto simp add: indRelR.simps) qed lemma (in encoding) indRelRT_iff_exists_source_target_relation: fixes Pred :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) ⇒ bool" shows "(∀TRel. (∀(TP, TQ) ∈ TRel. Pred (TargetTerm TP, TargetTerm TQ)) ⟷ (∀(P, Q) ∈ indRelRT TRel. Pred (P, Q))) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀(P, Q) ∈ Rel. Pred (P, Q)))" using indRelR_iff_exists_source_target_relation[where Pred="Pred"] indRelR_modulo_pred_impl_indRelRT_modulo_pred[where Pred="Pred"] by simp lemma (in encoding) indRelRT_modulo_pred_impl_indRelRTPO_modulo_pred: fixes TRel :: "('procT × 'procT) set" and Pred :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) ⇒ bool" assumes reflCond: "∀P. Pred (P, P)" and transCond: "∀P Q R. Pred (P, Q) ∧ Pred (Q, R) ⟶ Pred (P, R)" shows "(∀(P, Q) ∈ indRelRT TRel. Pred (P, Q)) = (∀(P, Q) ∈ indRelRTPO TRel. Pred (P, Q))" proof auto fix P Q assume A: "∀x ∈ indRelRT TRel. Pred x" assume "P ≲⟦⋅⟧RT<TRel> Q" thus "Pred (P, Q)" proof induct case (encR S) have "SourceTerm S ℛ⟦⋅⟧RT<TRel> TargetTerm (⟦S⟧)" by (simp add: indRelRT.encR) with A show "Pred (SourceTerm S, TargetTerm (⟦S⟧))" by simp next case (source S) from reflCond show "Pred (SourceTerm S, SourceTerm S)" by simp next case (target T1 T2) assume "(T1, T2) ∈ TRel" hence "TargetTerm T1 ℛ⟦⋅⟧RT<TRel> TargetTerm T2" by (simp add: indRelRT.target) with A show "Pred (TargetTerm T1, TargetTerm T2)" by simp next case (trans P Q R) assume "Pred (P, Q)" and "Pred (Q, R)" with transCond show "Pred (P, R)" by blast qed next fix P Q assume "∀x ∈ indRelRTPO TRel. Pred x" and "P ℛ⟦⋅⟧RT<TRel> Q" thus "Pred (P, Q)" by (auto simp add: indRelRTPO.encR indRelRTPO.target indRelRT.simps) qed lemma (in encoding) indRelR_modulo_pred_impl_indRelRTPO_modulo_pred: fixes Pred :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) ⇒ bool" assumes "∀P. 
Pred (P, P)" and "∀P Q R. Pred (P, Q) ∧ Pred (Q, R) ⟶ Pred (P, R)" shows "(∀(P, Q) ∈ indRelR. Pred (P, Q)) = (∀TRel. (∀(TP, TQ) ∈ TRel. Pred (TargetTerm TP, TargetTerm TQ)) ⟷ (∀(P, Q) ∈ indRelRTPO TRel. Pred (P, Q)))" proof - have "(∀(P, Q)∈indRelR. Pred (P, Q)) = (∀TRel. (∀(TP, TQ) ∈ TRel. Pred (TargetTerm TP, TargetTerm TQ)) ⟷ (∀(P, Q) ∈ indRelRT TRel. Pred (P, Q)))" using indRelR_modulo_pred_impl_indRelRT_modulo_pred[where Pred="Pred"] by simp moreover have "∀TRel. (∀(P, Q)∈indRelRT TRel. Pred (P, Q)) = (∀(P, Q)∈indRelRTPO TRel. Pred (P, Q))" using assms indRelRT_modulo_pred_impl_indRelRTPO_modulo_pred[where Pred="Pred"] by blast ultimately show ?thesis by simp qed text ‹The relation indRelLT includes TRel and relates literal translations and their source terms.› inductive_set (in encoding) indRelLT :: "('procT × 'procT) set ⇒ ((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set" for TRel :: "('procT × 'procT) set" where encL: "(TargetTerm (⟦S⟧), SourceTerm S) ∈ indRelLT TRel" | target: "(T1, T2) ∈ TRel ⟹ (TargetTerm T1, TargetTerm T2) ∈ indRelLT TRel" abbreviation (in encoding) indRelLTinfix :: "('procS, 'procT) Proc ⇒ ('procT × 'procT) set ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ℛ⟦⋅⟧LT<_> _" [75, 75, 75] 80) where "P ℛ⟦⋅⟧LT<TRel> Q ≡ (P, Q) ∈ indRelLT TRel" inductive_set (in encoding) indRelLTPO :: "('procT × 'procT) set ⇒ ((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set" for TRel :: "('procT × 'procT) set" where encL: "(TargetTerm (⟦S⟧), SourceTerm S) ∈ indRelLTPO TRel" | source: "(SourceTerm S, SourceTerm S) ∈ indRelLTPO TRel" | target: "(T1, T2) ∈ TRel ⟹ (TargetTerm T1, TargetTerm T2) ∈ indRelLTPO TRel" | trans: "⟦(P, Q) ∈ indRelLTPO TRel; (Q, R) ∈ indRelLTPO TRel⟧ ⟹ (P, R) ∈ indRelLTPO TRel" abbreviation (in encoding) indRelLTPOinfix :: "('procS, 'procT) Proc ⇒ ('procT × 'procT) set ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ≲⟦⋅⟧LT<_> _" [75, 75, 75] 80) where "P ≲⟦⋅⟧LT<TRel> Q ≡ (P, Q) ∈ indRelLTPO TRel" lemma (in encoding) indRelLTPO_refl: fixes TRel :: 
"('procT × 'procT) set" assumes refl: "refl TRel" shows "refl (indRelLTPO TRel)" unfolding refl_on_def proof auto fix P show "P ≲⟦⋅⟧LT<TRel> P" proof (cases P) case (SourceTerm SP) assume "SP ∈S P" thus "P ≲⟦⋅⟧LT<TRel> P" by (simp add: indRelLTPO.source) next case (TargetTerm TP) assume "TP ∈T P" with refl show "P ≲⟦⋅⟧LT<TRel> P" using indRelLTPO.target[of TP TP TRel] unfolding refl_on_def by simp qed qed lemma (in encoding) refl_trans_closure_of_indRelLT: fixes TRel :: "('procT × 'procT) set" assumes refl: "refl TRel" shows "indRelLTPO TRel = (indRelLT TRel)⇧*" proof auto fix P Q assume "P ≲⟦⋅⟧LT<TRel> Q" thus "(P, Q) ∈ (indRelLT TRel)⇧*" proof induct case (encL S) show "(TargetTerm (⟦S⟧), SourceTerm S) ∈ (indRelLT TRel)⇧*" using indRelLT.encL[of S TRel] by simp next case (source S) show "(SourceTerm S, SourceTerm S) ∈ (indRelLT TRel)⇧*" by simp next case (target T1 T2) assume "(T1, T2) ∈ TRel" thus "(TargetTerm T1, TargetTerm T2) ∈ (indRelLT TRel)⇧*" using indRelLT.target[of T1 T2 TRel] by simp next case (trans P Q R) assume "(P, Q) ∈ (indRelLT TRel)⇧*" and "(Q, R) ∈ (indRelLT TRel)⇧*" thus "(P, R) ∈ (indRelLT TRel)⇧*" by simp qed next fix P Q assume "(P, Q) ∈ (indRelLT TRel)⇧*" thus "P ≲⟦⋅⟧LT<TRel> Q" proof induct from refl show "P ≲⟦⋅⟧LT<TRel> P" using indRelLTPO_refl[of TRel] unfolding refl_on_def by simp next case (step Q R) assume "P ≲⟦⋅⟧LT<TRel> Q" moreover assume "Q ℛ⟦⋅⟧LT<TRel> R" hence "Q ≲⟦⋅⟧LT<TRel> R" by (induct, simp_all add: indRelLTPO.encL indRelLTPO.target) ultimately show "P ≲⟦⋅⟧LT<TRel> R" by (rule indRelLTPO.trans) qed qed inductive_set (in encoding) indRelT :: "('procT × 'procT) set ⇒ ((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set" for TRel :: "('procT × 'procT) set" where encR: "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelT TRel" | encL: "(TargetTerm (⟦S⟧), SourceTerm S) ∈ indRelT TRel" | target: "(T1, T2) ∈ TRel ⟹ (TargetTerm T1, TargetTerm T2) ∈ indRelT TRel" abbreviation (in encoding) indRelTinfix :: "('procS, 'procT) Proc ⇒ ('procT 
× 'procT) set ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ℛ⟦⋅⟧T<_> _" [75, 75, 75] 80) where "P ℛ⟦⋅⟧T<TRel> Q ≡ (P, Q) ∈ indRelT TRel" lemma (in encoding) indRelT_symm: fixes TRel :: "('procT × 'procT) set" assumes symm: "sym TRel" shows "sym (indRelT TRel)" unfolding sym_def proof clarify fix P Q assume "(P, Q) ∈ indRelT TRel" thus "(Q, P) ∈ indRelT TRel" using symm unfolding sym_def by (induct, simp_all add: indRelT.encL indRelT.encR indRelT.target) qed inductive_set (in encoding) indRelTEQ :: "('procT × 'procT) set ⇒ ((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set" for TRel :: "('procT × 'procT) set" where encR: "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelTEQ TRel" | encL: "(TargetTerm (⟦S⟧), SourceTerm S) ∈ indRelTEQ TRel" | target: "(T1, T2) ∈ TRel ⟹ (TargetTerm T1, TargetTerm T2) ∈ indRelTEQ TRel" | trans: "⟦(P, Q) ∈ indRelTEQ TRel; (Q, R) ∈ indRelTEQ TRel⟧ ⟹ (P, R) ∈ indRelTEQ TRel" abbreviation (in encoding) indRelTEQinfix :: "('procS, 'procT) Proc ⇒ ('procT × 'procT) set ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ∼⟦⋅⟧T<_> _" [75, 75, 75] 80) where "P ∼⟦⋅⟧T<TRel> Q ≡ (P, Q) ∈ indRelTEQ TRel" lemma (in encoding) indRelTEQ_refl: fixes TRel :: "('procT × 'procT) set" assumes refl: "refl TRel" shows "refl (indRelTEQ TRel)" unfolding refl_on_def proof auto fix P show "P ∼⟦⋅⟧T<TRel> P" proof (cases P) case (SourceTerm SP) assume "SP ∈S P" moreover have "SourceTerm SP ∼⟦⋅⟧T<TRel> TargetTerm (⟦SP⟧)" by (rule indRelTEQ.encR) moreover have "TargetTerm (⟦SP⟧) ∼⟦⋅⟧T<TRel> SourceTerm SP" by (rule indRelTEQ.encL) ultimately show "P ∼⟦⋅⟧T<TRel> P" by (simp add: indRelTEQ.trans[where P="SourceTerm SP" and Q="TargetTerm (⟦SP⟧)"]) next case (TargetTerm TP) assume "TP ∈T P" with refl show "P ∼⟦⋅⟧T<TRel> P" unfolding refl_on_def by (simp add: indRelTEQ.target) qed qed lemma (in encoding) indRelTEQ_symm: fixes TRel :: "('procT × 'procT) set" assumes symm: "sym TRel" shows "sym (indRelTEQ TRel)" unfolding sym_def proof clarify fix P Q assume "P ∼⟦⋅⟧T<TRel> Q" thus "Q ∼⟦⋅⟧T<TRel> P" proof 
induct case (encR S) show "TargetTerm (⟦S⟧) ∼⟦⋅⟧T<TRel> SourceTerm S" by (rule indRelTEQ.encL) next case (encL S) show "SourceTerm S ∼⟦⋅⟧T<TRel> TargetTerm (⟦S⟧)" by (rule indRelTEQ.encR) next case (target T1 T2) assume "(T1, T2) ∈ TRel" with symm show "TargetTerm T2 ∼⟦⋅⟧T<TRel> TargetTerm T1" unfolding sym_def by (simp add: indRelTEQ.target) next case (trans P Q R) assume "R ∼⟦⋅⟧T<TRel> Q" and "Q ∼⟦⋅⟧T<TRel> P" thus "R ∼⟦⋅⟧T<TRel> P" by (rule indRelTEQ.trans) qed qed lemma (in encoding) refl_trans_closure_of_indRelT: fixes TRel :: "('procT × 'procT) set" assumes refl: "refl TRel" shows "indRelTEQ TRel = (indRelT TRel)⇧*" proof auto fix P Q assume "P ∼⟦⋅⟧T<TRel> Q" thus "(P, Q) ∈ (indRelT TRel)⇧*" proof induct case (encR S) show "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ (indRelT TRel)⇧*" using indRelT.encR[of S TRel] by simp next case (encL S) show "(TargetTerm (⟦S⟧), SourceTerm S) ∈ (indRelT TRel)⇧*" using indRelT.encL[of S TRel] by simp next case (target T1 T2) assume "(T1, T2) ∈ TRel" thus "(TargetTerm T1, TargetTerm T2) ∈ (indRelT TRel)⇧*" using indRelT.target[of T1 T2 TRel] by simp next case (trans P Q R) assume "(P, Q) ∈ (indRelT TRel)⇧*" and "(Q, R) ∈ (indRelT TRel)⇧*" thus "(P, R) ∈ (indRelT TRel)⇧*" by simp qed next fix P Q assume "(P, Q) ∈ (indRelT TRel)⇧*" thus "P ∼⟦⋅⟧T<TRel> Q" proof induct from refl show "P ∼⟦⋅⟧T<TRel> P" using indRelTEQ_refl[of TRel] unfolding refl_on_def by simp next case (step Q R) assume "P ∼⟦⋅⟧T<TRel> Q" moreover assume "Q ℛ⟦⋅⟧T<TRel> R" hence "Q ∼⟦⋅⟧T<TRel> R" by (induct, simp_all add: indRelTEQ.encR indRelTEQ.encL indRelTEQ.target) ultimately show "P ∼⟦⋅⟧T<TRel> R" by (rule indRelTEQ.trans) qed qed lemma (in encoding) refl_symm_trans_closure_of_indRelT: fixes TRel :: "('procT × 'procT) set" assumes refl: "refl TRel" and symm: "sym TRel" shows "indRelTEQ TRel = (symcl ((indRelT TRel)⇧=))⇧+" proof - have "(symcl ((indRelT TRel)⇧=))⇧+ = (symcl (indRelT TRel))⇧*" by (rule refl_symm_trans_closure_is_symm_refl_trans_closure[where 
Rel="indRelT TRel"]) moreover from symm have "symcl (indRelT TRel) = indRelT TRel" using indRelT_symm[where TRel="TRel"] symm_closure_of_symm_rel[where Rel="indRelT TRel"] by blast ultimately show "indRelTEQ TRel = (symcl ((indRelT TRel)⇧=))⇧+" using refl refl_trans_closure_of_indRelT[where TRel="TRel"] by simp qed lemma (in encoding) symm_closure_of_indRelRT: fixes TRel :: "('procT × 'procT) set" assumes refl: "refl TRel" and symm: "sym TRel" shows "indRelT TRel = symcl (indRelRT TRel)" and "indRelTEQ TRel = (symcl ((indRelRT TRel)⇧=))⇧+" proof - show "indRelT TRel = symcl (indRelRT TRel)" proof auto fix P Q assume "P ℛ⟦⋅⟧T<TRel> Q" thus "(P, Q) ∈ symcl (indRelRT TRel)" by (induct, simp_all add: symcl_def indRelRT.encR indRelRT.target) next fix P Q assume "(P, Q) ∈ symcl (indRelRT TRel)" thus "P ℛ⟦⋅⟧T<TRel> Q" proof (auto simp add: symcl_def indRelRT.simps) fix S show "SourceTerm S ℛ⟦⋅⟧T<TRel> TargetTerm (⟦S⟧)" by (rule indRelT.encR) next fix T1 T2 assume "(T1, T2) ∈ TRel" thus "TargetTerm T1 ℛ⟦⋅⟧T<TRel> TargetTerm T2" by (rule indRelT.target) next fix S show "TargetTerm (⟦S⟧) ℛ⟦⋅⟧T<TRel> SourceTerm S" by (rule indRelT.encL) next fix T1 T2 assume "(T1, T2) ∈ TRel" with symm show "TargetTerm T2 ℛ⟦⋅⟧T<TRel> TargetTerm T1" unfolding sym_def by (simp add: indRelT.target) qed qed with refl show "indRelTEQ TRel = (symcl ((indRelRT TRel)⇧=))⇧+" using refl_symm_trans_closure_is_symm_refl_trans_closure[where Rel="indRelRT TRel"] refl_trans_closure_of_indRelT by simp qed lemma (in encoding) symm_closure_of_indRelLT: fixes TRel :: "('procT × 'procT) set" assumes refl: "refl TRel" and symm: "sym TRel" shows "indRelT TRel = symcl (indRelLT TRel)" and "indRelTEQ TRel = (symcl ((indRelLT TRel)⇧=))⇧+" proof - show "indRelT TRel = symcl (indRelLT TRel)" proof auto fix P Q assume "P ℛ⟦⋅⟧T<TRel> Q" thus "(P, Q) ∈ symcl (indRelLT TRel)" by (induct, simp_all add: symcl_def indRelLT.encL indRelLT.target) next fix P Q assume "(P, Q) ∈ symcl (indRelLT TRel)" thus "P ℛ⟦⋅⟧T<TRel> Q" proof 
(auto simp add: symcl_def indRelLT.simps) fix S show "SourceTerm S ℛ⟦⋅⟧T<TRel> TargetTerm (⟦S⟧)" by (rule indRelT.encR) next fix T1 T2 assume "(T1, T2) ∈ TRel" thus "TargetTerm T1 ℛ⟦⋅⟧T<TRel> TargetTerm T2" by (rule indRelT.target) next fix S show "TargetTerm (⟦S⟧) ℛ⟦⋅⟧T<TRel> SourceTerm S" by (rule indRelT.encL) next fix T1 T2 assume "(T1, T2) ∈ TRel" with symm show "TargetTerm T2 ℛ⟦⋅⟧T<TRel> TargetTerm T1" unfolding sym_def by (simp add: indRelT.target) qed qed with refl show "indRelTEQ TRel = (symcl ((indRelLT TRel)⇧=))⇧+" using refl_symm_trans_closure_is_symm_refl_trans_closure[where Rel="indRelLT TRel"] refl_trans_closure_of_indRelT by simp qed text ‹If the relations indRelRT, indRelLT, or indRelT contain a pair of target terms, then this pair is also related by the considered target term relation.› lemma (in encoding) indRelRT_to_TRel: fixes TRel :: "('procT × 'procT) set" and TP TQ :: "'procT" assumes rel: "TargetTerm TP ℛ⟦⋅⟧RT<TRel> TargetTerm TQ" shows "(TP, TQ) ∈ TRel" using rel by (simp add: indRelRT.simps) lemma (in encoding) indRelLT_to_TRel: fixes TRel :: "('procT × 'procT) set" and TP TQ :: "'procT" assumes rel: "TargetTerm TP ℛ⟦⋅⟧LT<TRel> TargetTerm TQ" shows "(TP, TQ) ∈ TRel" using rel by (simp add: indRelLT.simps) lemma (in encoding) indRelT_to_TRel: fixes TRel :: "('procT × 'procT) set" and TP TQ :: "'procT" assumes rel: "TargetTerm TP ℛ⟦⋅⟧T<TRel> TargetTerm TQ" shows "(TP, TQ) ∈ TRel" using rel by (simp add: indRelT.simps) text ‹If the preorders indRelRTPO, indRelLTPO, or the equivalence indRelTEQ contain a pair of terms, then the pair of target terms that is related to these two terms is also related by the reflexive and transitive closure of the considered target term relation.› lemma (in encoding) indRelRTPO_to_TRel: fixes TRel :: "('procT × 'procT) set" and P Q :: "('procS, 'procT) Proc" assumes rel: "P ≲⟦⋅⟧RT<TRel> Q" shows "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ SP = SQ" and "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ (⟦SP⟧, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. 
T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀TP SQ. TP ∈T P ∧ SQ ∈S Q ⟶ False" and "∀TP TQ. TP ∈T P ∧ TQ ∈T Q ⟶ (TP, TQ) ∈ TRel⇧+" proof - have reflTRel: "∀S. (⟦S⟧, ⟦S⟧) ∈ TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧}" by auto from rel show "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ SP = SQ" and "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ (⟦SP⟧, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀TP SQ. TP ∈T P ∧ SQ ∈S Q ⟶ False" and "∀TP TQ. TP ∈T P ∧ TQ ∈T Q ⟶ (TP, TQ) ∈ TRel⇧+" proof induct case (encR S) show "∀SP SQ. SP ∈S SourceTerm S ∧ SQ ∈S TargetTerm (⟦S⟧) ⟶ SP = SQ" and "∀TP SQ. TP ∈T SourceTerm S ∧ SQ ∈S TargetTerm (⟦S⟧) ⟶ False" and "∀TP TQ. TP ∈T SourceTerm S ∧ TQ ∈T TargetTerm (⟦S⟧) ⟶ (TP, TQ) ∈ TRel⇧+" by simp_all from reflTRel show "∀SP TQ. SP ∈S SourceTerm S ∧ TQ ∈T TargetTerm (⟦S⟧) ⟶ (⟦SP⟧, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by blast next case (source S) show "∀SP SQ. SP ∈S SourceTerm S ∧ SQ ∈S SourceTerm S ⟶ SP = SQ" by simp show "∀SP TQ. SP ∈S SourceTerm S ∧ TQ ∈T SourceTerm S ⟶ (⟦SP⟧, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀TP SQ. TP ∈T SourceTerm S ∧ SQ ∈S SourceTerm S ⟶ False" and "∀TP TQ. TP ∈T SourceTerm S ∧ TQ ∈T SourceTerm S ⟶ (TP, TQ) ∈ TRel⇧+" by simp_all next case (target T1 T2) show "∀SP SQ. SP ∈S TargetTerm T1 ∧ SQ ∈S TargetTerm T2 ⟶ SP = SQ" and "∀SP TQ. SP ∈S TargetTerm T1 ∧ TQ ∈T TargetTerm T2 ⟶ (⟦SP⟧, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀TP SQ. TP ∈T TargetTerm T1 ∧ SQ ∈S TargetTerm T2 ⟶ False" by simp_all assume "(T1, T2) ∈ TRel" thus "∀TP TQ. TP ∈T TargetTerm T1 ∧ TQ ∈T TargetTerm T2 ⟶ (TP, TQ) ∈ TRel⇧+" by simp next case (trans P Q R) assume A1: "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ SP = SQ" and A2: "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ (⟦SP⟧, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and A3: "∀TP SQ. TP ∈T P ∧ SQ ∈S Q ⟶ False" and A4: "∀TP TQ. TP ∈T P ∧ TQ ∈T Q ⟶ (TP, TQ) ∈ TRel⇧+" and A5: "∀SQ SR. SQ ∈S Q ∧ SR ∈S R ⟶ SQ = SR" and A6: "∀SQ TR. SQ ∈S Q ∧ TR ∈T R ⟶ (⟦SQ⟧, TR) ∈ (TRel ∪ {(T1, T2). ∃S. 
T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and A7: "∀TQ SR. TQ ∈T Q ∧ SR ∈S R ⟶ False" and A8: "∀TQ TR. TQ ∈T Q ∧ TR ∈T R ⟶ (TQ, TR) ∈ TRel⇧+" show "∀SP SR. SP ∈S P ∧ SR ∈S R ⟶ SP = SR" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A1 A5 show "∀SP SR. SP ∈S P ∧ SR ∈S R ⟶ SP = SR" by blast next case (TargetTerm TQ) assume "TQ ∈T Q" with A7 show ?thesis by blast qed show "∀SP TR. SP ∈S P ∧ TR ∈T R ⟶ (⟦SP⟧, TR) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A1 A6 show ?thesis by blast next case (TargetTerm TQ) assume A9: "TQ ∈T Q" show "∀SP TR. SP ∈S P ∧ TR ∈T R ⟶ (⟦SP⟧, TR) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" proof clarify fix SP TR assume "SP ∈S P" with A2 A9 have "(⟦SP⟧, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by simp moreover assume "TR ∈T R" with A8 A9 have "(TQ, TR) ∈ TRel⇧+" by simp hence "(TQ, TR) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" proof induct fix T2 assume "(TQ, T2) ∈ TRel" thus "(TQ, T2) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by blast next case (step T2 T3) assume "(TQ, T2) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" moreover assume "(T2, T3) ∈ TRel" hence "(T2, T3) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by blast ultimately show "(TQ, T3) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by simp qed ultimately show "(⟦SP⟧, TR) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by simp qed qed show "∀TP SR. TP ∈T P ∧ SR ∈S R ⟶ False" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A3 show ?thesis by blast next case (TargetTerm TQ) assume "TQ ∈T Q" with A7 show ?thesis by blast qed show "∀TP TR. TP ∈T P ∧ TR ∈T R ⟶ (TP, TR) ∈ TRel⇧+" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A3 show ?thesis by blast next case (TargetTerm TQ) assume "TQ ∈T Q" with A4 A8 show "∀TP TR. 
TP ∈T P ∧ TR ∈T R ⟶ (TP, TR) ∈ TRel⇧+" by auto qed qed qed lemma (in encoding) indRelLTPO_to_TRel: fixes TRel :: "('procT × 'procT) set" and P Q :: "('procS, 'procT) Proc" assumes rel: "P ≲⟦⋅⟧LT<TRel> Q" shows "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ SP = SQ" and "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ False" and "∀TP SQ. TP ∈T P ∧ SQ ∈S Q ⟶ (TP, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀TP TQ. TP ∈T P ∧ TQ ∈T Q ⟶ (TP, TQ) ∈ TRel⇧+" proof - have reflTRel: "∀S. (⟦S⟧, ⟦S⟧) ∈ TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧}" by auto from rel show "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ SP = SQ" and "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ False" and "∀TP SQ. TP ∈T P ∧ SQ ∈S Q ⟶ (TP, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀TP TQ. TP ∈T P ∧ TQ ∈T Q ⟶ (TP, TQ) ∈ TRel⇧+" proof induct case (encL S) show "∀SP SQ. SP ∈S TargetTerm (⟦S⟧) ∧ SQ ∈S SourceTerm S ⟶ SP = SQ" and "∀SP TQ. SP ∈S TargetTerm (⟦S⟧) ∧ TQ ∈T SourceTerm S ⟶ False" and "∀TP TQ. TP ∈T TargetTerm (⟦S⟧) ∧ TQ ∈T SourceTerm S ⟶ (TP, TQ) ∈ TRel⇧+" by simp_all from reflTRel show "∀TP SQ. TP ∈T TargetTerm (⟦S⟧) ∧ SQ ∈S SourceTerm S ⟶ (TP, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by blast next case (source S) show "∀SP SQ. SP ∈S SourceTerm S ∧ SQ ∈S SourceTerm S ⟶ SP = SQ" by simp show "∀SP TQ. SP ∈S SourceTerm S ∧ TQ ∈T SourceTerm S ⟶ False" and "∀TP SQ. TP ∈T SourceTerm S ∧ SQ ∈S SourceTerm S ⟶ (TP, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀TP TQ. TP ∈T SourceTerm S ∧ TQ ∈T SourceTerm S ⟶ (TP, TQ) ∈ TRel⇧+" by simp_all next case (target T1 T2) show "∀SP SQ. SP ∈S TargetTerm T1 ∧ SQ ∈S TargetTerm T2 ⟶ SP = SQ" and "∀SP TQ. SP ∈S TargetTerm T1 ∧ TQ ∈T TargetTerm T2 ⟶ False" and "∀TP SQ. TP ∈T TargetTerm T1 ∧ SQ ∈S TargetTerm T2 ⟶ (TP, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by simp_all assume "(T1, T2) ∈ TRel" thus "∀TP TQ. TP ∈T TargetTerm T1 ∧ TQ ∈T TargetTerm T2 ⟶ (TP, TQ) ∈ TRel⇧+" by simp next case (trans P Q R) assume A1: "∀SP SQ. 
SP ∈S P ∧ SQ ∈S Q ⟶ SP = SQ" and A2: "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ False" and A3: "∀TP SQ. TP ∈T P ∧ SQ ∈S Q ⟶ (TP, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and A4: "∀TP TQ. TP ∈T P ∧ TQ ∈T Q ⟶ (TP, TQ) ∈ TRel⇧+" and A5: "∀SQ SR. SQ ∈S Q ∧ SR ∈S R ⟶ SQ = SR" and A6: "∀SQ TR. SQ ∈S Q ∧ TR ∈T R ⟶ False" and A7: "∀TQ SR. TQ ∈T Q ∧ SR ∈S R ⟶ (TQ, ⟦SR⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and A8: "∀TQ TR. TQ ∈T Q ∧ TR ∈T R ⟶ (TQ, TR) ∈ TRel⇧+" show "∀SP SR. SP ∈S P ∧ SR ∈S R ⟶ SP = SR" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A1 A5 show "∀SP SR. SP ∈S P ∧ SR ∈S R ⟶ SP = SR" by blast next case (TargetTerm TQ) assume "TQ ∈T Q" with A2 show ?thesis by blast qed show "∀SP TR. SP ∈S P ∧ TR ∈T R ⟶ False" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A6 show ?thesis by blast next case (TargetTerm TQ) assume "TQ ∈T Q" with A2 show ?thesis by blast qed show "∀TP SR. TP ∈T P ∧ SR ∈S R ⟶ (TP, ⟦SR⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A3 A5 show "∀TP SR. TP ∈T P ∧ SR ∈S R ⟶ (TP, ⟦SR⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by blast next case (TargetTerm TQ) assume A9: "TQ ∈T Q" show "∀TP SR. TP ∈T P ∧ SR ∈S R ⟶ (TP, ⟦SR⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" proof clarify fix TP SR assume "TP ∈T P" with A4 A9 have "(TP, TQ) ∈ TRel⇧+" by simp hence "(TP, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" proof induct fix T2 assume "(TP, T2) ∈ TRel" thus "(TP, T2) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by blast next case (step T2 T3) assume "(TP, T2) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" moreover assume "(T2, T3) ∈ TRel" hence "(T2, T3) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by blast ultimately show "(TP, T3) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by simp qed moreover assume "SR ∈S R" with A7 A9 have "(TQ, ⟦SR⟧) ∈ (TRel ∪ {(T1, T2). ∃S. 
T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by simp ultimately show "(TP, ⟦SR⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by simp qed qed show "∀TP TR. TP ∈T P ∧ TR ∈T R ⟶ (TP, TR) ∈ TRel⇧+" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A6 show ?thesis by blast next case (TargetTerm TQ) assume "TQ ∈T Q" with A4 A8 show "∀TP TR. TP ∈T P ∧ TR ∈T R ⟶ (TP, TR) ∈ TRel⇧+" by auto qed qed qed lemma (in encoding) indRelTEQ_to_TRel: fixes TRel :: "('procT × 'procT) set" and P Q :: "('procS, 'procT) Proc" assumes rel: "P ∼⟦⋅⟧T<TRel> Q" shows "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ (⟦SP⟧, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ (⟦SP⟧, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀TP SQ. TP ∈T P ∧ SQ ∈S Q ⟶ (TP, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀TP TQ. TP ∈T P ∧ TQ ∈T Q ⟶ (TP, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" proof - have reflTRel: "∀S. (⟦S⟧, ⟦S⟧) ∈ TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧}" by auto from rel show "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ (⟦SP⟧, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ (⟦SP⟧, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀TP SQ. TP ∈T P ∧ SQ ∈S Q ⟶ (TP, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀TP TQ. TP ∈T P ∧ TQ ∈T Q ⟶ (TP, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" proof induct case (encR S) show "∀SP SQ. SP ∈S SourceTerm S ∧ SQ ∈S TargetTerm (⟦S⟧) ⟶ (⟦SP⟧, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀TP SQ. TP ∈T SourceTerm S ∧ SQ ∈S TargetTerm (⟦S⟧) ⟶ (TP, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀TP TQ. TP ∈T SourceTerm S ∧ TQ ∈T TargetTerm (⟦S⟧) ⟶ (TP, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by simp+ from reflTRel show "∀SP TQ. SP ∈S SourceTerm S ∧ TQ ∈T TargetTerm (⟦S⟧) ⟶ (⟦SP⟧, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by blast next case (encL S) show "∀SP SQ. 
SP ∈S TargetTerm (⟦S⟧) ∧ SQ ∈S SourceTerm S ⟶ (⟦SP⟧, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀SP TQ. SP ∈S TargetTerm (⟦S⟧) ∧ TQ ∈T SourceTerm S ⟶ (⟦SP⟧, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀TP TQ. TP ∈T TargetTerm (⟦S⟧) ∧ TQ ∈T SourceTerm S ⟶ (TP, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by simp+ from reflTRel show "∀TP SQ. TP ∈T TargetTerm (⟦S⟧) ∧ SQ ∈S SourceTerm S ⟶ (TP, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by blast next case (target T1 T2) show "∀SP SQ. SP ∈S TargetTerm T1 ∧ SQ ∈S TargetTerm T2 ⟶ (⟦SP⟧, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀SP TQ. SP ∈S TargetTerm T1 ∧ TQ ∈T TargetTerm T2 ⟶ (⟦SP⟧, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and "∀TP SQ. TP ∈T TargetTerm T1 ∧ SQ ∈S TargetTerm T2 ⟶ (TP, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by simp+ assume "(T1, T2) ∈ TRel" thus "∀TP TQ. TP ∈T TargetTerm T1 ∧ TQ ∈T TargetTerm T2 ⟶ (TP, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" by blast next case (trans P Q R) assume A1: "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ (⟦SP⟧, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and A2: "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ (⟦SP⟧, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and A3: "∀TP SQ. TP ∈T P ∧ SQ ∈S Q ⟶ (TP, ⟦SQ⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and A4: "∀TP TQ. TP ∈T P ∧ TQ ∈T Q ⟶ (TP, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and A5: "∀SQ SR. SQ ∈S Q ∧ SR ∈S R ⟶ (⟦SQ⟧, ⟦SR⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and A6: "∀SQ TR. SQ ∈S Q ∧ TR ∈T R ⟶ (⟦SQ⟧, TR) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and A7: "∀TQ SR. TQ ∈T Q ∧ SR ∈S R ⟶ (TQ, ⟦SR⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" and A8: "∀TQ TR. TQ ∈T Q ∧ TR ∈T R ⟶ (TQ, TR) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" show "∀SP SR. SP ∈S P ∧ SR ∈S R ⟶ (⟦SP⟧, ⟦SR⟧) ∈ (TRel ∪ {(T1, T2). ∃S. 
T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A1 A5 show ?thesis by auto next case (TargetTerm TQ) assume "TQ ∈T Q" with A2 A7 show ?thesis by auto qed show "∀SP TR. SP ∈S P ∧ TR ∈T R ⟶ (⟦SP⟧, TR) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A1 A6 show ?thesis by auto next case (TargetTerm TQ) assume "TQ ∈T Q" with A2 A8 show ?thesis by auto qed show "∀TP SR. TP ∈T P ∧ SR ∈S R ⟶ (TP, ⟦SR⟧) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A3 A5 show ?thesis by auto next case (TargetTerm TQ) assume "TQ ∈T Q" with A4 A7 show ?thesis by auto qed show "∀TP TR. TP ∈T P ∧ TR ∈T R ⟶ (TP, TR) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A3 A6 show ?thesis by auto next case (TargetTerm TQ) assume "TQ ∈T Q" with A4 A8 show ?thesis by auto qed qed qed lemma (in encoding) trans_closure_of_TRel_refl_cond: fixes TRel :: "('procT × 'procT) set" and TP TQ :: "'procT" assumes "(TP, TQ) ∈ (TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧})⇧+" shows "(TP, TQ) ∈ TRel⇧*" using assms proof induct fix TQ assume "(TP, TQ) ∈ TRel ∪ {(T1, T2). ∃S. T1 = ⟦S⟧ ∧ T2 = ⟦S⟧}" thus "(TP, TQ) ∈ TRel⇧*" by auto next case (step TQ TR) assume "(TP, TQ) ∈ TRel⇧*" moreover assume "(TQ, TR) ∈ TRel ∪ {(T1, T2). ∃S. 
T1 = ⟦S⟧ ∧ T2 = ⟦S⟧}" hence "(TQ, TR) ∈ TRel⇧*" by blast ultimately show "(TP, TR) ∈ TRel⇧*" by simp qed text ‹Note that if indRelRTPO relates a source term S to a target term T, then the translation of S is equal to T or indRelRTPO also relates the translation of S to T.› lemma (in encoding) indRelRTPO_relates_source_target: fixes TRel :: "('procT × 'procT) set" and S :: "'procS" and T :: "'procT" assumes pair: "SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm T" shows "(TargetTerm (⟦S⟧), TargetTerm T) ∈ (indRelRTPO TRel)⇧=" proof - from pair have "(⟦S⟧, T) ∈ TRel⇧*" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond by simp hence "⟦S⟧ = T ∨ (⟦S⟧, T) ∈ TRel⇧+" using rtrancl_eq_or_trancl[of "⟦S⟧" T TRel] by blast moreover have "⟦S⟧ = T ⟹ (TargetTerm (⟦S⟧), TargetTerm T) ∈ (indRelRTPO TRel)⇧=" by simp moreover have "(⟦S⟧, T) ∈ TRel⇧+ ⟹ (TargetTerm (⟦S⟧), TargetTerm T) ∈ (indRelRTPO TRel)⇧=" using transitive_closure_of_TRel_to_indRelRTPO[where TRel="TRel"] by simp ultimately show "(TargetTerm (⟦S⟧), TargetTerm T) ∈ (indRelRTPO TRel)⇧=" by blast qed text ‹If indRelRTPO, indRelLTPO, or indRelTEQ preserves barbs then so does the corresponding target term relation.› lemma (in encoding_wrt_barbs) rel_with_target_impl_TRel_preserves_barbs: fixes TRel :: "('procT × 'procT) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes preservation: "rel_preserves_barbs Rel (STCalWB SWB TWB)" and targetInRel: "∀T1 T2. 
(T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" shows "rel_preserves_barbs TRel TWB" proof clarify fix TP TQ a assume "(TP, TQ) ∈ TRel" with targetInRel have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by blast moreover assume "TP↓<TWB>a" hence "TargetTerm TP↓.a" by simp ultimately have "TargetTerm TQ↓.a" using preservation preservation_of_barbs_in_barbed_encoding[where Rel="Rel"] by blast thus "TQ↓<TWB>a" by simp qed lemma (in encoding_wrt_barbs) indRelRTPO_impl_TRel_preserves_barbs: fixes TRel :: "('procT × 'procT) set" assumes preservation: "rel_preserves_barbs (indRelRTPO TRel) (STCalWB SWB TWB)" shows "rel_preserves_barbs TRel TWB" using preservation rel_with_target_impl_TRel_preserves_barbs[where Rel="indRelRTPO TRel" and TRel="TRel"] by (simp add: indRelRTPO.target) lemma (in encoding_wrt_barbs) indRelLTPO_impl_TRel_preserves_barbs: fixes TRel :: "('procT × 'procT) set" assumes preservation: "rel_preserves_barbs (indRelLTPO TRel) (STCalWB SWB TWB)" shows "rel_preserves_barbs TRel TWB" using preservation rel_with_target_impl_TRel_preserves_barbs[where Rel="indRelLTPO TRel" and TRel="TRel"] by (simp add: indRelLTPO.target) lemma (in encoding_wrt_barbs) indRelTEQ_impl_TRel_preserves_barbs: fixes TRel :: "('procT × 'procT) set" assumes preservation: "rel_preserves_barbs (indRelTEQ TRel) (STCalWB SWB TWB)" shows "rel_preserves_barbs TRel TWB" using preservation rel_with_target_impl_TRel_preserves_barbs[where Rel="indRelTEQ TRel" and TRel="TRel"] by (simp add: indRelTEQ.target) lemma (in encoding_wrt_barbs) rel_with_target_impl_TRel_weakly_preserves_barbs: fixes TRel :: "('procT × 'procT) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes preservation: "rel_weakly_preserves_barbs Rel (STCalWB SWB TWB)" and targetInRel: "∀T1 T2. 
(T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" shows "rel_weakly_preserves_barbs TRel TWB" proof clarify fix TP TQ a TP' assume "(TP, TQ) ∈ TRel" with targetInRel have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by blast moreover assume "TP ⟼(Calculus TWB)* TP'" and "TP'↓<TWB>a" hence "TargetTerm TP⇓.a" by blast ultimately have "TargetTerm TQ⇓.a" using preservation weak_preservation_of_barbs_in_barbed_encoding[where Rel="Rel"] by blast thus "TQ⇓<TWB>a" by simp qed lemma (in encoding_wrt_barbs) indRelRTPO_impl_TRel_weakly_preserves_barbs: fixes TRel :: "('procT × 'procT) set" assumes preservation: "rel_weakly_preserves_barbs (indRelRTPO TRel) (STCalWB SWB TWB)" shows "rel_weakly_preserves_barbs TRel TWB" using preservation rel_with_target_impl_TRel_weakly_preserves_barbs[where Rel="indRelRTPO TRel" and TRel="TRel"] by (simp add: indRelRTPO.target) lemma (in encoding_wrt_barbs) indRelLTPO_impl_TRel_weakly_preserves_barbs: fixes TRel :: "('procT × 'procT) set" assumes preservation: "rel_weakly_preserves_barbs (indRelLTPO TRel) (STCalWB SWB TWB)" shows "rel_weakly_preserves_barbs TRel TWB" using preservation rel_with_target_impl_TRel_weakly_preserves_barbs[where Rel="indRelLTPO TRel" and TRel="TRel"] by (simp add: indRelLTPO.target) lemma (in encoding_wrt_barbs) indRelTEQ_impl_TRel_weakly_preserves_barbs: fixes TRel :: "('procT × 'procT) set" assumes preservation: "rel_weakly_preserves_barbs (indRelTEQ TRel) (STCalWB SWB TWB)" shows "rel_weakly_preserves_barbs TRel TWB" using preservation rel_with_target_impl_TRel_weakly_preserves_barbs[where Rel="indRelTEQ TRel" and TRel="TRel"] by (simp add: indRelTEQ.target) text ‹If indRelRTPO, indRelLTPO, or indRelTEQ reflects barbs then so does the corresponding target term relation.› lemma (in encoding_wrt_barbs) rel_with_target_impl_TRel_reflects_barbs: fixes TRel :: "('procT × 'procT) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes reflection: "rel_reflects_barbs Rel (STCalWB SWB TWB)" and 
targetInRel: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" shows "rel_reflects_barbs TRel TWB" proof clarify fix TP TQ a assume "(TP, TQ) ∈ TRel" with targetInRel have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by blast moreover assume "TQ↓<TWB>a" hence "TargetTerm TQ↓.a" by simp ultimately have "TargetTerm TP↓.a" using reflection reflection_of_barbs_in_barbed_encoding[where Rel="Rel"] by blast thus "TP↓<TWB>a" by simp qed lemma (in encoding_wrt_barbs) indRelRTPO_impl_TRel_reflects_barbs: fixes TRel :: "('procT × 'procT) set" assumes reflection: "rel_reflects_barbs (indRelRTPO TRel) (STCalWB SWB TWB)" shows "rel_reflects_barbs TRel TWB" using reflection rel_with_target_impl_TRel_reflects_barbs[where Rel="indRelRTPO TRel" and TRel="TRel"] by (simp add: indRelRTPO.target) lemma (in encoding_wrt_barbs) indRelLTPO_impl_TRel_reflects_barbs: fixes TRel :: "('procT × 'procT) set" assumes reflection: "rel_reflects_barbs (indRelLTPO TRel) (STCalWB SWB TWB)" shows "rel_reflects_barbs TRel TWB" using reflection rel_with_target_impl_TRel_reflects_barbs[where Rel="indRelLTPO TRel" and TRel="TRel"] by (simp add: indRelLTPO.target) lemma (in encoding_wrt_barbs) indRelTEQ_impl_TRel_reflects_barbs: fixes TRel :: "('procT × 'procT) set" assumes reflection: "rel_reflects_barbs (indRelTEQ TRel) (STCalWB SWB TWB)" shows "rel_reflects_barbs TRel TWB" using reflection rel_with_target_impl_TRel_reflects_barbs[where Rel="indRelTEQ TRel" and TRel="TRel"] by (simp add: indRelTEQ.target) lemma (in encoding_wrt_barbs) rel_with_target_impl_TRel_weakly_reflects_barbs: fixes TRel :: "('procT × 'procT) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes reflection: "rel_weakly_reflects_barbs Rel (STCalWB SWB TWB)" and targetInRel: "∀T1 T2. 
(T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" shows "rel_weakly_reflects_barbs TRel TWB" proof clarify fix TP TQ a TQ' assume "(TP, TQ) ∈ TRel" with targetInRel have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by blast moreover assume "TQ ⟼(Calculus TWB)* TQ'" and "TQ'↓<TWB>a" hence "TargetTerm TQ⇓.a" by blast ultimately have "TargetTerm TP⇓.a" using reflection weak_reflection_of_barbs_in_barbed_encoding[where Rel="Rel"] by blast thus "TP⇓<TWB>a" by simp qed lemma (in encoding_wrt_barbs) indRelRTPO_impl_TRel_weakly_reflects_barbs: fixes TRel :: "('procT × 'procT) set" assumes reflection: "rel_weakly_reflects_barbs (indRelRTPO TRel) (STCalWB SWB TWB)" shows "rel_weakly_reflects_barbs TRel TWB" using reflection rel_with_target_impl_TRel_weakly_reflects_barbs[where Rel="indRelRTPO TRel" and TRel="TRel"] by (simp add: indRelRTPO.target) lemma (in encoding_wrt_barbs) indRelLTPO_impl_TRel_weakly_reflects_barbs: fixes TRel :: "('procT × 'procT) set" assumes reflection: "rel_weakly_reflects_barbs (indRelLTPO TRel) (STCalWB SWB TWB)" shows "rel_weakly_reflects_barbs TRel TWB" using reflection rel_with_target_impl_TRel_weakly_reflects_barbs[where Rel="indRelLTPO TRel" and TRel="TRel"] by (simp add: indRelLTPO.target) lemma (in encoding_wrt_barbs) indRelTEQ_impl_TRel_weakly_reflects_barbs: fixes TRel :: "('procT × 'procT) set" assumes reflection: "rel_weakly_reflects_barbs (indRelTEQ TRel) (STCalWB SWB TWB)" shows "rel_weakly_reflects_barbs TRel TWB" using reflection rel_with_target_impl_TRel_weakly_reflects_barbs[where Rel="indRelTEQ TRel" and TRel="TRel"] by (simp add: indRelTEQ.target) text ‹If indRelRTPO, indRelLTPO, or indRelTEQ respects barbs then so does the corresponding target term relation.› lemma (in encoding_wrt_barbs) indRelRTPO_impl_TRel_respects_barbs: fixes TRel :: "('procT × 'procT) set" assumes respection: "rel_respects_barbs (indRelRTPO TRel) (STCalWB SWB TWB)" shows "rel_respects_barbs TRel TWB" using respection 
indRelRTPO_impl_TRel_preserves_barbs[where TRel="TRel"] indRelRTPO_impl_TRel_reflects_barbs[where TRel="TRel"] by blast lemma (in encoding_wrt_barbs) indRelLTPO_impl_TRel_respects_barbs: fixes TRel :: "('procT × 'procT) set" assumes respection: "rel_respects_barbs (indRelLTPO TRel) (STCalWB SWB TWB)" shows "rel_respects_barbs TRel TWB" using respection indRelLTPO_impl_TRel_preserves_barbs[where TRel="TRel"] indRelLTPO_impl_TRel_reflects_barbs[where TRel="TRel"] by blast lemma (in encoding_wrt_barbs) indRelTEQ_impl_TRel_respects_barbs: fixes TRel :: "('procT × 'procT) set" assumes respection: "rel_respects_barbs (indRelTEQ TRel) (STCalWB SWB TWB)" shows "rel_respects_barbs TRel TWB" using respection indRelTEQ_impl_TRel_preserves_barbs[where TRel="TRel"] indRelTEQ_impl_TRel_reflects_barbs[where TRel="TRel"] by blast lemma (in encoding_wrt_barbs) indRelRTPO_impl_TRel_weakly_respects_barbs: fixes TRel :: "('procT × 'procT) set" assumes respection: "rel_weakly_respects_barbs (indRelRTPO TRel) (STCalWB SWB TWB)" shows "rel_weakly_respects_barbs TRel TWB" using respection indRelRTPO_impl_TRel_weakly_preserves_barbs[where TRel="TRel"] indRelRTPO_impl_TRel_weakly_reflects_barbs[where TRel="TRel"] by blast lemma (in encoding_wrt_barbs) indRelLTPO_impl_TRel_weakly_respects_barbs: fixes TRel :: "('procT × 'procT) set" assumes respection: "rel_weakly_respects_barbs (indRelLTPO TRel) (STCalWB SWB TWB)" shows "rel_weakly_respects_barbs TRel TWB" using respection indRelLTPO_impl_TRel_weakly_preserves_barbs[where TRel="TRel"] indRelLTPO_impl_TRel_weakly_reflects_barbs[where TRel="TRel"] by blast lemma (in encoding_wrt_barbs) indRelTEQ_impl_TRel_weakly_respects_barbs: fixes TRel :: "('procT × 'procT) set" assumes respection: "rel_weakly_respects_barbs (indRelTEQ TRel) (STCalWB SWB TWB)" shows "rel_weakly_respects_barbs TRel TWB" using respection indRelTEQ_impl_TRel_weakly_preserves_barbs[where TRel="TRel"] indRelTEQ_impl_TRel_weakly_reflects_barbs[where TRel="TRel"] by blast text 
‹If indRelRTPO, indRelLTPO, or indRelTEQ is a simulation then so is the corresponding target term relation.›

(* Generic transfer lemma. Given a weak reduction simulation Rel on the combined
   source-target calculus that contains the embedding of every TRel pair (target) and
   relates two embedded target terms only if they lie in the transitive closure of TRel
   (trel), the transitive closure of TRel is a weak reduction simulation on Target. *)
lemma (in encoding) rel_with_target_impl_transC_TRel_is_weak_reduction_simulation:
  fixes TRel :: "('procT × 'procT) set"
    and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set"
  assumes sim: "weak_reduction_simulation Rel (STCal Source Target)"
      and target: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel"
      and trel: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+"
  shows "weak_reduction_simulation (TRel⇧+) Target"
proof clarify
  fix TP TQ TP'
  assume "(TP, TQ) ∈ TRel⇧+" and "TP ⟼Target* TP'"
  (* Induction over the derivation of the closure pair; TP' is kept arbitrary so the
     hypothesis can be applied to any derivative of TP. *)
  thus "∃TQ'. TQ ⟼Target* TQ' ∧ (TP', TQ') ∈ TRel⇧+"
  proof (induct arbitrary: TP')
    (* Base case: (TP, TQ) is a single TRel pair. *)
    fix TQ TP'
    assume "(TP, TQ) ∈ TRel"
    with target have "(TargetTerm TP, TargetTerm TQ) ∈ Rel"
      by simp
    (* Embed the target step sequence into the combined calculus. *)
    moreover assume "TP ⟼Target* TP'"
    hence "TargetTerm TP ⟼(STCal Source Target)* (TargetTerm TP')"
      by (simp add: STCal_steps)
    (* sim answers with a sequence from the embedded TQ to some related Q'. *)
    ultimately obtain Q' where A2: "TargetTerm TQ ⟼(STCal Source Target)* Q'"
                          and A3: "(TargetTerm TP', Q') ∈ Rel"
      using sim
      by blast
    (* STCal_steps yields a target term TQ' standing for Q'
       (presumably TQ' ∈T Q' means that Q' is TargetTerm TQ' - confirm). *)
    from A2 obtain TQ' where A4: "TQ ⟼Target* TQ'" and A5: "TQ' ∈T Q'"
      by (auto simp add: STCal_steps)
    (* trel maps the Rel pair of embedded terms back into the closure of TRel. *)
    from A3 A5 trel have "(TP', TQ') ∈ TRel⇧+"
      by simp
    with A4 show "∃TQ'. TQ ⟼Target* TQ' ∧ (TP', TQ') ∈ TRel⇧+"
      by blast
  next
    (* Step case: a closure pair (TP, TQ) extended by one TRel pair (TQ, TR). *)
    case (step TQ TR)
    assume "TP ⟼Target* TP'"
       and "⋀TP'. TP ⟼Target* TP' ⟹ ∃TQ'.
TQ ⟼Target* TQ' ∧ (TP', TQ') ∈ TRel⇧+"
    (* The induction hypothesis provides the answer TQ' of TQ. *)
    from this obtain TQ' where B1: "TQ ⟼Target* TQ'" and B2: "(TP', TQ') ∈ TRel⇧+"
      by blast
    assume "(TQ, TR) ∈ TRel"
    with target have "(TargetTerm TQ, TargetTerm TR) ∈ Rel"
      by simp
    moreover from B1 have "TargetTerm TQ ⟼(STCal Source Target)* (TargetTerm TQ')"
      by (simp add: STCal_steps)
    (* Simulate the sequence of TQ from TR, as in the base case. *)
    ultimately obtain R' where B3: "TargetTerm TR ⟼(STCal Source Target)* R'"
                          and B4: "(TargetTerm TQ', R') ∈ Rel"
      using sim
      by blast
    from B3 obtain TR' where B5: "TR' ∈T R'" and B6: "TR ⟼Target* TR'"
      by (auto simp add: STCal_steps)
    from B4 B5 trel have "(TQ', TR') ∈ TRel⇧+"
      by simp
    (* Chain the two closure pairs through TQ'. *)
    with B2 have "(TP', TR') ∈ TRel⇧+"
      by simp
    with B6 show "∃TR'. TR ⟼Target* TR' ∧ (TP', TR') ∈ TRel⇧+"
      by blast
  qed
qed

(* Instance for Rel = indRelRTPO TRel: indRelRTPO.target and indRelRTPO_to_TRel(4) are
   supplied for the target and trel premises of the generic lemma. *)
lemma (in encoding) indRelRTPO_impl_TRel_is_weak_reduction_simulation:
  fixes TRel :: "('procT × 'procT) set"
  assumes sim: "weak_reduction_simulation (indRelRTPO TRel) (STCal Source Target)"
  shows "weak_reduction_simulation (TRel⇧+) Target"
  using sim indRelRTPO.target[where TRel="TRel"] indRelRTPO_to_TRel(4)[where TRel="TRel"]
        rel_with_target_impl_transC_TRel_is_weak_reduction_simulation[where
          Rel="indRelRTPO TRel" and TRel="TRel"]
  by blast

(* Instance for Rel = indRelLTPO TRel, with the corresponding indRelLTPO facts. *)
lemma (in encoding) indRelLTPO_impl_TRel_is_weak_reduction_simulation:
  fixes TRel :: "('procT × 'procT) set"
  assumes sim: "weak_reduction_simulation (indRelLTPO TRel) (STCal Source Target)"
  shows "weak_reduction_simulation (TRel⇧+) Target"
  using sim indRelLTPO.target[where TRel="TRel"] indRelLTPO_to_TRel(4)[where TRel="TRel"]
        rel_with_target_impl_transC_TRel_is_weak_reduction_simulation[where
          Rel="indRelLTPO TRel" and TRel="TRel"]
  by blast

(* Variant of the generic lemma for the inverse relation: the simulation assumption and
   the conclusion are both stated on the converse. *)
lemma (in encoding) rel_with_target_impl_transC_TRel_is_weak_reduction_simulation_rev:
  fixes TRel :: "('procT × 'procT) set"
    and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set"
  assumes sim: "weak_reduction_simulation (Rel¯) (STCal Source Target)"
      and target: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel"
      and trel: "∀T1 T2.
(TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" shows "weak_reduction_simulation ((TRel⇧+)¯) Target" proof clarify fix TP TQ TP' assume "(TQ, TP) ∈ TRel⇧+" moreover assume "TP ⟼Target* TP'" ultimately show "∃TQ'. TQ ⟼Target* TQ' ∧ (TP', TQ') ∈ (TRel⇧+)¯" proof (induct arbitrary: TP') fix TP TP' assume "(TQ, TP) ∈ TRel" with target have "(TargetTerm TP, TargetTerm TQ) ∈ Rel¯" by simp moreover assume "TP ⟼Target* TP'" hence "TargetTerm TP ⟼(STCal Source Target)* (TargetTerm TP')" by (simp add: STCal_steps) ultimately obtain Q' where A2: "TargetTerm TQ ⟼(STCal Source Target)* Q'" and A3: "(TargetTerm TP', Q') ∈ Rel¯" using sim by blast from A2 obtain TQ' where A4: "TQ ⟼Target* TQ'" and A5: "TQ' ∈T Q'" by (auto simp add: STCal_steps(2)) from A3 A5 trel have "(TP', TQ') ∈ (TRel⇧+)¯" by simp with A4 show "∃TQ'. TQ ⟼Target* TQ' ∧ (TP', TQ') ∈ (TRel⇧+)¯" by blast next case (step TR TP TP') assume "TP ⟼Target* TP'" hence "TargetTerm TP ⟼(STCal Source Target)* (TargetTerm TP')" by (simp add: STCal_steps) moreover assume "(TR, TP) ∈ TRel" with target have "(TargetTerm TP, TargetTerm TR) ∈ Rel¯" by simp ultimately obtain R' where B1: "TargetTerm TR ⟼(STCal Source Target)* R'" and B2: "(TargetTerm TP', R') ∈ Rel¯" using sim by blast from B1 obtain TR' where B3: "TR' ∈T R'" and B4: "TR ⟼Target* TR'" by (auto simp add: STCal_steps) assume "⋀TR'. TR ⟼Target* TR' ⟹ ∃TQ'. TQ ⟼Target* TQ' ∧ (TR', TQ') ∈ (TRel⇧+)¯" with B4 obtain TQ' where B5: "TQ ⟼Target* TQ'" and B6: "(TR', TQ') ∈ (TRel⇧+)¯" by blast from B6 have "(TQ', TR') ∈ TRel⇧+" by simp moreover from B2 B3 trel have "(TR', TP') ∈ TRel⇧+" by simp ultimately have "(TP', TQ') ∈ (TRel⇧+)¯" by simp with B5 show "∃TQ'. 
TQ ⟼Target* TQ' ∧ (TP', TQ') ∈ (TRel⇧+)¯" by blast qed qed lemma (in encoding) indRelRTPO_impl_TRel_is_weak_reduction_simulation_rev: fixes TRel :: "('procT × 'procT) set" assumes sim: "weak_reduction_simulation ((indRelRTPO TRel)¯) (STCal Source Target)" shows "weak_reduction_simulation ((TRel⇧+)¯) Target" using sim indRelRTPO.target[where TRel="TRel"] indRelRTPO_to_TRel(4)[where TRel="TRel"] rel_with_target_impl_transC_TRel_is_weak_reduction_simulation_rev[where Rel="indRelRTPO TRel" and TRel="TRel"] by blast lemma (in encoding) indRelLTPO_impl_TRel_is_weak_reduction_simulation_rev: fixes TRel :: "('procT × 'procT) set" assumes sim: "weak_reduction_simulation ((indRelLTPO TRel)¯) (STCal Source Target)" shows "weak_reduction_simulation ((TRel⇧+)¯) Target" using sim indRelLTPO.target[where TRel="TRel"] indRelLTPO_to_TRel(4)[where TRel="TRel"] rel_with_target_impl_transC_TRel_is_weak_reduction_simulation_rev[where Rel="indRelLTPO TRel" and TRel="TRel"] by blast lemma (in encoding) rel_with_target_impl_reflC_transC_TRel_is_weak_reduction_simulation: fixes TRel :: "('procT × 'procT) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes sim: "weak_reduction_simulation Rel (STCal Source Target)" and target: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and trel: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧*" shows "weak_reduction_simulation (TRel⇧*) Target" proof clarify fix TP TQ TP' assume "(TP, TQ) ∈ TRel⇧*" and "TP ⟼Target* TP'" thus "∃TQ'. TQ ⟼Target* TQ' ∧ (TP', TQ') ∈ TRel⇧*" proof (induct arbitrary: TP') fix TP' assume "TP ⟼Target* TP'" moreover have "(TP', TP') ∈ TRel⇧*" by simp ultimately show "∃TQ'. TP ⟼Target* TQ' ∧ (TP', TQ') ∈ TRel⇧*" by blast next case (step TQ TR) assume "TP ⟼Target* TP'" and "⋀TP'. TP ⟼Target* TP' ⟹ ∃TQ'. 
TQ ⟼Target* TQ' ∧ (TP', TQ') ∈ TRel⇧*" from this obtain TQ' where B1: "TQ ⟼Target* TQ'" and B2: "(TP', TQ') ∈ TRel⇧*" by blast assume "(TQ, TR) ∈ TRel" with target have "(TargetTerm TQ, TargetTerm TR) ∈ Rel" by simp moreover from B1 have "TargetTerm TQ ⟼(STCal Source Target)* (TargetTerm TQ')" by (simp add: STCal_steps) ultimately obtain R' where B3: "TargetTerm TR ⟼(STCal Source Target)* R'" and B4: "(TargetTerm TQ', R') ∈ Rel" using sim by blast from B3 obtain TR' where B5: "TR' ∈T R'" and B6: "TR ⟼Target* TR'" by (auto simp add: STCal_steps) from B4 B5 trel have "(TQ', TR') ∈ TRel⇧*" by simp with B2 have "(TP', TR') ∈ TRel⇧*" by simp with B6 show "∃TR'. TR ⟼Target* TR' ∧ (TP', TR') ∈ TRel⇧*" by blast qed qed lemma (in encoding) indRelTEQ_impl_TRel_is_weak_reduction_simulation: fixes TRel :: "('procT × 'procT) set" assumes sim: "weak_reduction_simulation (indRelTEQ TRel) (STCal Source Target)" shows "weak_reduction_simulation (TRel⇧*) Target" using sim indRelTEQ.target[where TRel="TRel"] indRelTEQ_to_TRel(4)[where TRel="TRel"] trans_closure_of_TRel_refl_cond rel_with_target_impl_reflC_transC_TRel_is_weak_reduction_simulation[where Rel="indRelTEQ TRel" and TRel="TRel"] by blast lemma (in encoding) rel_with_target_impl_transC_TRel_is_strong_reduction_simulation: fixes TRel :: "('procT × 'procT) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes sim: "strong_reduction_simulation Rel (STCal Source Target)" and target: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and trel: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" shows "strong_reduction_simulation (TRel⇧+) Target" proof clarify fix TP TQ TP' assume "(TP, TQ) ∈ TRel⇧+" and "TP ⟼Target TP'" thus "∃TQ'. 
TQ ⟼Target TQ' ∧ (TP', TQ') ∈ TRel⇧+" proof (induct arbitrary: TP') fix TQ TP' assume "(TP, TQ) ∈ TRel" with target have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TP ⟼Target TP'" hence "TargetTerm TP ⟼(STCal Source Target) (TargetTerm TP')" by (simp add: STCal_step) ultimately obtain Q' where A2: "TargetTerm TQ ⟼(STCal Source Target) Q'" and A3: "(TargetTerm TP', Q') ∈ Rel" using sim by blast from A2 obtain TQ' where A4: "TQ ⟼Target TQ'" and A5: "TQ' ∈T Q'" by (auto simp add: STCal_step) from A3 A5 trel have "(TP', TQ') ∈ TRel⇧+" by simp with A4 show "∃TQ'. TQ ⟼Target TQ' ∧ (TP', TQ') ∈ TRel⇧+" by blast next case (step TQ TR) assume "TP ⟼Target TP'" and "⋀TP'. TP ⟼Target TP' ⟹ ∃TQ'. TQ ⟼Target TQ' ∧ (TP', TQ') ∈ TRel⇧+" from this obtain TQ' where B1: "TQ ⟼Target TQ'" and B2: "(TP', TQ') ∈ TRel⇧+" by blast assume "(TQ, TR) ∈ TRel" with target have "(TargetTerm TQ, TargetTerm TR) ∈ Rel" by simp moreover from B1 have "TargetTerm TQ ⟼(STCal Source Target) (TargetTerm TQ')" by (simp add: STCal_step) ultimately obtain R' where B3: "TargetTerm TR ⟼(STCal Source Target) R'" and B4: "(TargetTerm TQ', R') ∈ Rel" using sim by blast from B3 obtain TR' where B5: "TR' ∈T R'" and B6: "TR ⟼Target TR'" by (auto simp add: STCal_step) from B4 B5 trel have "(TQ', TR') ∈ TRel⇧+" by simp with B2 have "(TP', TR') ∈ TRel⇧+" by simp with B6 show "∃TR'. 
TR ⟼Target TR' ∧ (TP', TR') ∈ TRel⇧+" by blast qed qed lemma (in encoding) indRelRTPO_impl_TRel_is_strong_reduction_simulation: fixes TRel :: "('procT × 'procT) set" assumes sim: "strong_reduction_simulation (indRelRTPO TRel) (STCal Source Target)" shows "strong_reduction_simulation (TRel⇧+) Target" using sim indRelRTPO.target[where TRel="TRel"] indRelRTPO_to_TRel(4)[where TRel="TRel"] rel_with_target_impl_transC_TRel_is_strong_reduction_simulation[where Rel="indRelRTPO TRel" and TRel="TRel"] by blast lemma (in encoding) indRelLTPO_impl_TRel_is_strong_reduction_simulation: fixes TRel :: "('procT × 'procT) set" assumes sim: "strong_reduction_simulation (indRelLTPO TRel) (STCal Source Target)" shows "strong_reduction_simulation (TRel⇧+) Target" using sim indRelLTPO.target[where TRel="TRel"] indRelLTPO_to_TRel(4)[where TRel="TRel"] rel_with_target_impl_transC_TRel_is_strong_reduction_simulation[where Rel="indRelLTPO TRel" and TRel="TRel"] by blast lemma (in encoding) rel_with_target_impl_transC_TRel_is_strong_reduction_simulation_rev: fixes TRel :: "('procT × 'procT) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes sim: "strong_reduction_simulation (Rel¯) (STCal Source Target)" and target: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and trel: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" shows "strong_reduction_simulation ((TRel⇧+)¯) Target" proof clarify fix TP TQ TP' assume "(TQ, TP) ∈ TRel⇧+" moreover assume "TP ⟼Target TP'" ultimately show "∃TQ'. 
TQ ⟼Target TQ' ∧ (TP', TQ') ∈ (TRel⇧+)¯" proof (induct arbitrary: TP') fix TP TP' assume "(TQ, TP) ∈ TRel" with target have "(TargetTerm TP, TargetTerm TQ) ∈ Rel¯" by simp moreover assume "TP ⟼Target TP'" hence "TargetTerm TP ⟼(STCal Source Target) (TargetTerm TP')" by (simp add: STCal_step) ultimately obtain Q' where A2: "TargetTerm TQ ⟼(STCal Source Target) Q'" and A3: "(TargetTerm TP', Q') ∈ Rel¯" using sim by blast from A2 obtain TQ' where A4: "TQ ⟼Target TQ'" and A5: "TQ' ∈T Q'" by (auto simp add: STCal_step(2)) from A3 A5 trel have "(TP', TQ') ∈ (TRel⇧+)¯" by simp with A4 show "∃TQ'. TQ ⟼Target TQ' ∧ (TP', TQ') ∈ (TRel⇧+)¯" by blast next case (step TP TR TR') assume "(TP, TR) ∈ TRel" with target have "(TargetTerm TP, TargetTerm TR) ∈ Rel" by simp moreover assume "TR ⟼Target TR'" hence "TargetTerm TR ⟼(STCal Source Target) (TargetTerm TR')" by (simp add: STCal_step) ultimately obtain P' where B1: "TargetTerm TP ⟼(STCal Source Target) P'" and B2: "(P', TargetTerm TR') ∈ Rel" using sim by blast from B1 obtain TP' where B3: "TP' ∈T P'" and B4: "TP ⟼Target TP'" by (auto simp add: STCal_step) assume "⋀TP'. TP ⟼Target TP' ⟹ ∃TQ'. TQ ⟼Target TQ' ∧ (TP', TQ') ∈ (TRel⇧+)¯" with B4 obtain TQ' where B5: "TQ ⟼Target TQ'" and B6: "(TP', TQ') ∈ (TRel⇧+)¯" by blast from B2 B3 trel have "(TP', TR') ∈ TRel⇧+" by simp with B6 have "(TR', TQ') ∈ (TRel⇧+)¯" by simp with B5 show "∃TQ'. 
TQ ⟼Target TQ' ∧ (TR', TQ') ∈ (TRel⇧+)¯" by blast qed qed lemma (in encoding) indRelRTPO_impl_TRel_is_strong_reduction_simulation_rev: fixes TRel :: "('procT × 'procT) set" assumes sim: "strong_reduction_simulation ((indRelRTPO TRel)¯) (STCal Source Target)" shows "strong_reduction_simulation ((TRel⇧+)¯) Target" using sim indRelRTPO.target[where TRel="TRel"] indRelRTPO_to_TRel(4)[where TRel="TRel"] rel_with_target_impl_transC_TRel_is_strong_reduction_simulation_rev[where Rel="indRelRTPO TRel" and TRel="TRel"] by blast lemma (in encoding) indRelLTPO_impl_TRel_is_strong_reduction_simulation_rev: fixes TRel :: "('procT × 'procT) set" assumes sim: "strong_reduction_simulation ((indRelLTPO TRel)¯) (STCal Source Target)" shows "strong_reduction_simulation ((TRel⇧+)¯) Target" using sim indRelLTPO.target[where TRel="TRel"] indRelLTPO_to_TRel(4)[where TRel="TRel"] rel_with_target_impl_transC_TRel_is_strong_reduction_simulation_rev[where Rel="indRelLTPO TRel" and TRel="TRel"] by blast lemma (in encoding) rel_with_target_impl_reflC_transC_TRel_is_strong_reduction_simulation: fixes TRel :: "('procT × 'procT) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes sim: "strong_reduction_simulation Rel (STCal Source Target)" and target: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and trel: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧*" shows "strong_reduction_simulation (TRel⇧*) Target" proof clarify fix TP TQ TP' assume "(TP, TQ) ∈ TRel⇧*" and "TP ⟼Target TP'" thus "∃TQ'. TQ ⟼Target TQ' ∧ (TP', TQ') ∈ TRel⇧*" proof (induct arbitrary: TP') fix TP' assume "TP ⟼Target TP'" moreover have "(TP', TP') ∈ TRel⇧*" by simp ultimately show "∃TQ'. TP ⟼Target TQ' ∧ (TP', TQ') ∈ TRel⇧*" by blast next case (step TQ TR TP') assume "TP ⟼Target TP'" and "⋀TP'. TP ⟼Target TP' ⟹ ∃TQ'. 
TQ ⟼Target TQ' ∧ (TP', TQ') ∈ TRel⇧*" from this obtain TQ' where B1: "TQ ⟼Target TQ'" and B2: "(TP', TQ') ∈ TRel⇧*" by blast assume "(TQ, TR) ∈ TRel" with target have "(TargetTerm TQ, TargetTerm TR) ∈ Rel" by simp moreover from B1 have "TargetTerm TQ ⟼(STCal Source Target) (TargetTerm TQ')" by (simp add: STCal_step) ultimately obtain R' where B3: "TargetTerm TR ⟼(STCal Source Target) R'" and B4: "(TargetTerm TQ', R') ∈ Rel" using sim by blast from B3 obtain TR' where B5: "TR' ∈T R'" and B6: "TR ⟼Target TR'" by (auto simp add: STCal_step) from B4 B5 trel have "(TQ', TR') ∈ TRel⇧*" by simp with B2 have "(TP', TR') ∈ TRel⇧*" by simp with B6 show "∃TR'. TR ⟼Target TR' ∧ (TP', TR') ∈ TRel⇧*" by blast qed qed lemma (in encoding) indRelTEQ_impl_TRel_is_strong_reduction_simulation: fixes TRel :: "('procT × 'procT) set" assumes sim: "strong_reduction_simulation (indRelTEQ TRel) (STCal Source Target)" shows "strong_reduction_simulation (TRel⇧*) Target" using sim indRelTEQ.target[where TRel="TRel"] indRelTEQ_to_TRel(4)[where TRel="TRel"] trans_closure_of_TRel_refl_cond rel_with_target_impl_reflC_transC_TRel_is_strong_reduction_simulation[where Rel="indRelTEQ TRel" and TRel="TRel"] by blast lemma (in encoding_wrt_barbs) indRelRTPO_impl_TRel_is_weak_barbed_simulation: fixes TRel :: "('procT × 'procT) set" assumes sim: "weak_barbed_simulation (indRelRTPO TRel) (STCalWB SWB TWB)" shows "weak_barbed_simulation (TRel⇧+) TWB" proof from sim show "weak_reduction_simulation (TRel⇧+) (Calculus TWB)" using indRelRTPO_impl_TRel_is_weak_reduction_simulation[where TRel="TRel"] by (simp add: STCalWB_def calS calT) next from sim show "rel_weakly_preserves_barbs (TRel⇧+) TWB" using indRelRTPO_impl_TRel_weakly_preserves_barbs[where TRel="TRel"] weak_preservation_of_barbs_and_closures(2)[where Rel="TRel" and CWB="TWB"] by blast qed lemma (in encoding_wrt_barbs) indRelLTPO_impl_TRel_is_weak_barbed_simulation: fixes TRel :: "('procT × 'procT) set" assumes sim: "weak_barbed_simulation (indRelLTPO 
TRel) (STCalWB SWB TWB)"
  shows "weak_barbed_simulation (TRel⇧+) TWB"
(* Continuation of indRelLTPO_impl_TRel_is_weak_barbed_simulation, whose header precedes
   this line. The proof has two goals: the reduction simulation and the weak
   preservation of barbs. *)
proof
  from sim show "weak_reduction_simulation (TRel⇧+) (Calculus TWB)"
    using indRelLTPO_impl_TRel_is_weak_reduction_simulation[where TRel="TRel"]
    by (simp add: STCalWB_def calS calT)
next
  (* Barb preservation is first obtained for TRel and then lifted to its closure by
     weak_preservation_of_barbs_and_closures(2). *)
  from sim show "rel_weakly_preserves_barbs (TRel⇧+) TWB"
    using indRelLTPO_impl_TRel_weakly_preserves_barbs[where TRel="TRel"]
          weak_preservation_of_barbs_and_closures(2)[where Rel="TRel" and CWB="TWB"]
    by blast
qed

(* indRelTEQ variant: the conclusion is stated for the reflexive-transitive closure, so
   part (3) of weak_preservation_of_barbs_and_closures is used instead of part (2). *)
lemma (in encoding_wrt_barbs) indRelTEQ_impl_TRel_is_weak_barbed_simulation:
  fixes TRel :: "('procT × 'procT) set"
  assumes sim: "weak_barbed_simulation (indRelTEQ TRel) (STCalWB SWB TWB)"
  shows "weak_barbed_simulation (TRel⇧*) TWB"
proof
  from sim show "weak_reduction_simulation (TRel⇧*) (Calculus TWB)"
    using indRelTEQ_impl_TRel_is_weak_reduction_simulation[where TRel="TRel"]
    by (simp add: STCalWB_def calS calT)
next
  from sim show "rel_weakly_preserves_barbs (TRel⇧*) TWB"
    using indRelTEQ_impl_TRel_weakly_preserves_barbs[where TRel="TRel"]
          weak_preservation_of_barbs_and_closures(3)[where Rel="TRel" and CWB="TWB"]
    by blast
qed

(* Strong variants: same two-goal structure, using the strong reduction simulation
   lemmas and preservation_of_barbs_and_closures. *)
lemma (in encoding_wrt_barbs) indRelRTPO_impl_TRel_is_strong_barbed_simulation:
  fixes TRel :: "('procT × 'procT) set"
  assumes sim: "strong_barbed_simulation (indRelRTPO TRel) (STCalWB SWB TWB)"
  shows "strong_barbed_simulation (TRel⇧+) TWB"
proof
  from sim show "strong_reduction_simulation (TRel⇧+) (Calculus TWB)"
    using indRelRTPO_impl_TRel_is_strong_reduction_simulation[where TRel="TRel"]
    by (simp add: STCalWB_def calS calT)
next
  from sim show "rel_preserves_barbs (TRel⇧+) TWB"
    using indRelRTPO_impl_TRel_preserves_barbs[where TRel="TRel"]
          preservation_of_barbs_and_closures(2)[where Rel="TRel" and CWB="TWB"]
    by blast
qed

lemma (in encoding_wrt_barbs) indRelLTPO_impl_TRel_is_strong_barbed_simulation:
  fixes TRel :: "('procT × 'procT) set"
  assumes sim: "strong_barbed_simulation (indRelLTPO TRel) (STCalWB SWB TWB)"
  shows "strong_barbed_simulation (TRel⇧+) TWB"
proof
  (* NOTE(review): refl is chained in here and in the indRelTEQ variant below, but not
     in the indRelRTPO variant above, whose goal has the same shape; it looks
     unnecessary - confirm before removing. *)
  from sim refl show
"strong_reduction_simulation (TRel⇧+) (Calculus TWB)"
    using indRelLTPO_impl_TRel_is_strong_reduction_simulation[where TRel="TRel"]
    by (simp add: STCalWB_def calS calT)
next
  from sim show "rel_preserves_barbs (TRel⇧+) TWB"
    using indRelLTPO_impl_TRel_preserves_barbs[where TRel="TRel"]
          preservation_of_barbs_and_closures(2)[where Rel="TRel" and CWB="TWB"]
    by blast
qed

lemma (in encoding_wrt_barbs) indRelTEQ_impl_TRel_is_strong_barbed_simulation:
  fixes TRel :: "('procT × 'procT) set"
  assumes sim: "strong_barbed_simulation (indRelTEQ TRel) (STCalWB SWB TWB)"
  shows "strong_barbed_simulation (TRel⇧*) TWB"
proof
  from sim refl show "strong_reduction_simulation (TRel⇧*) (Calculus TWB)"
    using indRelTEQ_impl_TRel_is_strong_reduction_simulation[where TRel="TRel"]
    by (simp add: STCalWB_def calS calT)
next
  from sim show "rel_preserves_barbs (TRel⇧*) TWB"
    using indRelTEQ_impl_TRel_preserves_barbs[where TRel="TRel"]
          preservation_of_barbs_and_closures(3)[where Rel="TRel" and CWB="TWB"]
    by blast
qed

text ‹If indRelRTPO, indRelLTPO, or indRelTEQ is a contrasimulation then so is the corresponding target term relation.›

(* Generic transfer lemma for contrasimulations. It takes the same target and trel side
   conditions as the simulation case; the goal below relates the answer TQ' to TP' in
   the opposite order. *)
lemma (in encoding) rel_with_target_impl_transC_TRel_is_weak_reduction_contrasimulation:
  fixes TRel :: "('procT × 'procT) set"
    and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set"
  assumes conSim: "weak_reduction_contrasimulation Rel (STCal Source Target)"
      and target: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel"
      and trel: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+"
  shows "weak_reduction_contrasimulation (TRel⇧+) Target"
proof clarify
  fix TP TQ TP'
  assume "(TP, TQ) ∈ TRel⇧+" and "TP ⟼Target* TP'"
  thus "∃TQ'.
TQ ⟼Target* TQ' ∧ (TQ', TP') ∈ TRel⇧+" proof (induct arbitrary: TP') fix TQ TP' assume "(TP, TQ) ∈ TRel" with target have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TP ⟼Target* TP'" hence "TargetTerm TP ⟼(STCal Source Target)* (TargetTerm TP')" by (simp add: STCal_steps) ultimately obtain Q' where A2: "TargetTerm TQ ⟼(STCal Source Target)* Q'" and A3: "(Q', TargetTerm TP') ∈ Rel" using conSim by blast from A2 obtain TQ' where A4: "TQ ⟼Target* TQ'" and A5: "TQ' ∈T Q'" by (auto simp add: STCal_steps) from A3 A5 trel have "(TQ', TP') ∈ TRel⇧+" by simp with A4 show "∃TQ'. TQ ⟼Target* TQ' ∧ (TQ', TP') ∈ TRel⇧+" by blast next case (step TQ TR) assume "TP ⟼Target* TP'" and "⋀TP'. TP ⟼Target* TP' ⟹ ∃TQ'. TQ ⟼Target* TQ' ∧ (TQ', TP') ∈ TRel⇧+" from this obtain TQ' where B1: "TQ ⟼Target* TQ'" and B2: "(TQ', TP') ∈ TRel⇧+" by blast assume "(TQ, TR) ∈ TRel" with target have "(TargetTerm TQ, TargetTerm TR) ∈ Rel" by simp moreover from B1 have "TargetTerm TQ ⟼(STCal Source Target)* (TargetTerm TQ')" by (simp add: STCal_steps) ultimately obtain R' where B3: "TargetTerm TR ⟼(STCal Source Target)* R'" and B4: "(R', TargetTerm TQ') ∈ Rel" using conSim by blast from B3 obtain TR' where B5: "TR' ∈T R'" and B6: "TR ⟼Target* TR'" by (auto simp add: STCal_steps) from B4 B5 trel have "(TR', TQ') ∈ TRel⇧+" by simp from this B2 have "(TR', TP') ∈ TRel⇧+" by simp with B6 show "∃TR'. 
TR ⟼Target* TR' ∧ (TR', TP') ∈ TRel⇧+" by blast qed qed lemma (in encoding) indRelRTPO_impl_TRel_is_weak_reduction_contrasimulation: fixes TRel :: "('procT × 'procT) set" assumes conSim: "weak_reduction_contrasimulation (indRelRTPO TRel) (STCal Source Target)" shows "weak_reduction_contrasimulation (TRel⇧+) Target" using conSim indRelRTPO.target[where TRel="TRel"] indRelRTPO_to_TRel(4)[where TRel="TRel"] rel_with_target_impl_transC_TRel_is_weak_reduction_contrasimulation[where Rel="indRelRTPO TRel" and TRel="TRel"] by blast lemma (in encoding) indRelLTPO_impl_TRel_is_weak_reduction_contrasimulation: fixes TRel :: "('procT × 'procT) set" assumes conSim: "weak_reduction_contrasimulation (indRelLTPO TRel) (STCal Source Target)" shows "weak_reduction_contrasimulation (TRel⇧+) Target" using conSim indRelLTPO.target[where TRel="TRel"] indRelLTPO_to_TRel(4)[where TRel="TRel"] rel_with_target_impl_transC_TRel_is_weak_reduction_contrasimulation[where Rel="indRelLTPO TRel" and TRel="TRel"] by blast lemma (in encoding) rel_with_target_impl_reflC_transC_TRel_is_weak_reduction_contrasimulation: fixes TRel :: "('procT × 'procT) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes conSim: "weak_reduction_contrasimulation Rel (STCal Source Target)" and target: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and trel: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧*" shows "weak_reduction_contrasimulation (TRel⇧*) Target" proof clarify fix TP TQ TP' assume "(TP, TQ) ∈ TRel⇧*" and "TP ⟼Target* TP'" thus "∃TQ'. TQ ⟼Target* TQ' ∧ (TQ', TP') ∈ TRel⇧*" proof (induct arbitrary: TP') fix TP' assume "TP ⟼Target* TP'" moreover have "(TP', TP') ∈ TRel⇧*" by simp ultimately show "∃TQ'. TP ⟼Target* TQ' ∧ (TQ', TP') ∈ TRel⇧*" by blast next case (step TQ TR) assume "TP ⟼Target* TP'" and "⋀TP'. TP ⟼Target* TP' ⟹ ∃TQ'. 
TQ ⟼Target* TQ' ∧ (TQ', TP') ∈ TRel⇧*" from this obtain TQ' where B1: "TQ ⟼Target* TQ'" and B2: "(TQ', TP') ∈ TRel⇧*" by blast assume "(TQ, TR) ∈ TRel" with target have "(TargetTerm TQ, TargetTerm TR) ∈ Rel" by simp moreover from B1 have "TargetTerm TQ ⟼(STCal Source Target)* (TargetTerm TQ')" by (simp add: STCal_steps) ultimately obtain R' where B3: "TargetTerm TR ⟼(STCal Source Target)* R'" and B4: "(R', TargetTerm TQ') ∈ Rel" using conSim by blast from B3 obtain TR' where B5: "TR' ∈T R'" and B6: "TR ⟼Target* TR'" by (auto simp add: STCal_steps) from B4 B5 trel have "(TR', TQ') ∈ TRel⇧*" by simp from this B2 have "(TR', TP') ∈ TRel⇧*" by simp with B6 show "∃TR'. TR ⟼Target* TR' ∧ (TR', TP') ∈ TRel⇧*" by blast qed qed lemma (in encoding) indRelTEQ_impl_TRel_is_weak_reduction_contrasimulation: fixes TRel :: "('procT × 'procT) set" assumes conSim: "weak_reduction_contrasimulation (indRelTEQ TRel) (STCal Source Target)" shows "weak_reduction_contrasimulation (TRel⇧*) Target" using conSim indRelTEQ.target[where TRel="TRel"] indRelTEQ_to_TRel(4)[where TRel="TRel"] trans_closure_of_TRel_refl_cond rel_with_target_impl_reflC_transC_TRel_is_weak_reduction_contrasimulation[where Rel="indRelTEQ TRel" and TRel="TRel"] by blast lemma (in encoding_wrt_barbs) indRelRTPO_impl_TRel_is_weak_barbed_contrasimulation: fixes TRel :: "('procT × 'procT) set" assumes conSim: "weak_barbed_contrasimulation (indRelRTPO TRel) (STCalWB SWB TWB)" shows "weak_barbed_contrasimulation (TRel⇧+) TWB" proof from conSim show "weak_reduction_contrasimulation (TRel⇧+) (Calculus TWB)" using indRelRTPO_impl_TRel_is_weak_reduction_contrasimulation[where TRel="TRel"] by (simp add: STCalWB_def calS calT) next from conSim show "rel_weakly_preserves_barbs (TRel⇧+) TWB" using indRelRTPO_impl_TRel_weakly_preserves_barbs[where TRel="TRel"] weak_preservation_of_barbs_and_closures(2)[where Rel="TRel" and CWB="TWB"] by blast qed lemma (in encoding_wrt_barbs) indRelLTPO_impl_TRel_is_weak_barbed_contrasimulation: 
fixes TRel :: "('procT × 'procT) set"
  assumes conSim: "weak_barbed_contrasimulation (indRelLTPO TRel) (STCalWB SWB TWB)"
  shows "weak_barbed_contrasimulation (TRel⇧+) TWB"
(* Continuation of indRelLTPO_impl_TRel_is_weak_barbed_contrasimulation, whose header
   precedes this line. Two goals: the reduction contrasimulation and the weak
   preservation of barbs, the latter lifted to the closure of TRel. *)
proof
  from conSim show "weak_reduction_contrasimulation (TRel⇧+) (Calculus TWB)"
    using indRelLTPO_impl_TRel_is_weak_reduction_contrasimulation[where TRel="TRel"]
    by (simp add: STCalWB_def calS calT)
next
  from conSim show "rel_weakly_preserves_barbs (TRel⇧+) TWB"
    using indRelLTPO_impl_TRel_weakly_preserves_barbs[where TRel="TRel"]
          weak_preservation_of_barbs_and_closures(2)[where Rel="TRel" and CWB="TWB"]
    by blast
qed

(* indRelTEQ variant: stated for the reflexive-transitive closure, using part (3) of
   weak_preservation_of_barbs_and_closures. *)
lemma (in encoding_wrt_barbs) indRelTEQ_impl_TRel_is_weak_barbed_contrasimulation:
  fixes TRel :: "('procT × 'procT) set"
  assumes conSim: "weak_barbed_contrasimulation (indRelTEQ TRel) (STCalWB SWB TWB)"
  shows "weak_barbed_contrasimulation (TRel⇧*) TWB"
proof
  from conSim show "weak_reduction_contrasimulation (TRel⇧*) (Calculus TWB)"
    using indRelTEQ_impl_TRel_is_weak_reduction_contrasimulation[where TRel="TRel"]
    by (simp add: STCalWB_def calS calT)
next
  from conSim show "rel_weakly_preserves_barbs (TRel⇧*) TWB"
    using indRelTEQ_impl_TRel_weakly_preserves_barbs[where TRel="TRel"]
          weak_preservation_of_barbs_and_closures(3)[where Rel="TRel" and CWB="TWB"]
    by blast
qed

text ‹If indRelRTPO, indRelLTPO, or indRelTEQ is a coupled simulation then so is the corresponding target term relation.›

(* The coupled simulation lemmas below are all closed by blast from the
   ..._versus_simulation_and_contrasimulation fact together with the simulation and
   contrasimulation transfer lemmas for the same relation. *)
lemma (in encoding) indRelRTPO_impl_TRel_is_weak_reduction_coupled_simulation:
  fixes TRel :: "('procT × 'procT) set"
  assumes couSim: "weak_reduction_coupled_simulation (indRelRTPO TRel) (STCal Source Target)"
  shows "weak_reduction_coupled_simulation (TRel⇧+) Target"
  using couSim weak_reduction_coupled_simulation_versus_simulation_and_contrasimulation
        refl indRelRTPO_impl_TRel_is_weak_reduction_simulation[where TRel="TRel"]
        indRelRTPO_impl_TRel_is_weak_reduction_contrasimulation[where TRel="TRel"]
  by blast

lemma (in encoding) indRelLTPO_impl_TRel_is_weak_reduction_coupled_simulation:
  fixes TRel :: "('procT ×
'procT) set"
  assumes couSim: "weak_reduction_coupled_simulation (indRelLTPO TRel) (STCal Source Target)"
  shows "weak_reduction_coupled_simulation (TRel⇧+) Target"
  using couSim weak_reduction_coupled_simulation_versus_simulation_and_contrasimulation
        refl indRelLTPO_impl_TRel_is_weak_reduction_simulation[where TRel="TRel"]
        indRelLTPO_impl_TRel_is_weak_reduction_contrasimulation[where TRel="TRel"]
  by blast

lemma (in encoding) indRelTEQ_impl_TRel_is_weak_reduction_coupled_simulation:
  fixes TRel :: "('procT × 'procT) set"
  assumes couSim: "weak_reduction_coupled_simulation (indRelTEQ TRel) (STCal Source Target)"
  shows "weak_reduction_coupled_simulation (TRel⇧*) Target"
  using couSim weak_reduction_coupled_simulation_versus_simulation_and_contrasimulation
        refl indRelTEQ_impl_TRel_is_weak_reduction_simulation[where TRel="TRel"]
        indRelTEQ_impl_TRel_is_weak_reduction_contrasimulation[where TRel="TRel"]
  by blast

(* Barbed variants, stated in the encoding_wrt_barbs locale. *)
lemma (in encoding_wrt_barbs) indRelRTPO_impl_TRel_is_weak_barbed_coupled_simulation:
  fixes TRel :: "('procT × 'procT) set"
  assumes couSim: "weak_barbed_coupled_simulation (indRelRTPO TRel) (STCalWB SWB TWB)"
  shows "weak_barbed_coupled_simulation (TRel⇧+) TWB"
  using couSim weak_barbed_coupled_simulation_versus_simulation_and_contrasimulation
        refl indRelRTPO_impl_TRel_is_weak_barbed_simulation[where TRel="TRel"]
        indRelRTPO_impl_TRel_is_weak_barbed_contrasimulation[where TRel="TRel"]
  by blast

lemma (in encoding_wrt_barbs) indRelLTPO_impl_TRel_is_weak_barbed_coupled_simulation:
  fixes TRel :: "('procT × 'procT) set"
  assumes couSim: "weak_barbed_coupled_simulation (indRelLTPO TRel) (STCalWB SWB TWB)"
  shows "weak_barbed_coupled_simulation (TRel⇧+) TWB"
  using couSim weak_barbed_coupled_simulation_versus_simulation_and_contrasimulation
        refl indRelLTPO_impl_TRel_is_weak_barbed_simulation[where TRel="TRel"]
        indRelLTPO_impl_TRel_is_weak_barbed_contrasimulation[where TRel="TRel"]
  by blast

lemma (in encoding_wrt_barbs) indRelTEQ_impl_TRel_is_weak_barbed_coupled_simulation:
  fixes
TRel :: "('procT × 'procT) set"
  assumes couSim: "weak_barbed_coupled_simulation (indRelTEQ TRel) (STCalWB SWB TWB)"
  shows "weak_barbed_coupled_simulation (TRel⇧*) TWB"
  (* Continuation of indRelTEQ_impl_TRel_is_weak_barbed_coupled_simulation, whose header
     precedes this line; closed by blast from the barbed simulation and barbed
     contrasimulation lemmas for indRelTEQ. *)
  using couSim weak_barbed_coupled_simulation_versus_simulation_and_contrasimulation
        refl indRelTEQ_impl_TRel_is_weak_barbed_simulation[where TRel="TRel"]
        indRelTEQ_impl_TRel_is_weak_barbed_contrasimulation[where TRel="TRel"]
  by blast

text ‹If indRelRTPO, indRelLTPO, or indRelTEQ is a correspondence simulation then so is the corresponding target term relation.›

(* Generic transfer lemma for correspondence simulations, with the same target and trel
   side conditions as the simulation case. The proof establishes the simulation part (A)
   and then the additional condition that a sequence of the right-hand term can be
   answered so that both sides reach related derivatives. *)
lemma (in encoding) rel_with_target_impl_transC_TRel_is_weak_reduction_correspondence_simulation:
  fixes TRel :: "('procT × 'procT) set"
    and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set"
  assumes corSim: "weak_reduction_correspondence_simulation Rel (STCal Source Target)"
      and target: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel"
      and trel: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+"
  shows "weak_reduction_correspondence_simulation (TRel⇧+) Target"
proof -
  (* A: the simulation part, obtained through the generic simulation transfer lemma. *)
  from corSim target trel have A: "weak_reduction_simulation (TRel⇧+) Target"
    using rel_with_target_impl_transC_TRel_is_weak_reduction_simulation[where TRel="TRel"
            and Rel="Rel"]
    by blast
  moreover have "∀P Q Q'. (P, Q) ∈ TRel⇧+ ∧ Q ⟼Target* Q'
    ⟶ (∃P'' Q''. P ⟼Target* P'' ∧ Q' ⟼Target* Q'' ∧ (P'', Q'') ∈ TRel⇧+)"
  proof clarify
    fix TP TQ TQ'
    assume "(TP, TQ) ∈ TRel⇧+" and "TQ ⟼Target* TQ'"
    (* Induction over the derivation of the closure pair, with TQ' kept arbitrary. *)
    thus "∃TP'' TQ''.
TP ⟼Target* TP'' ∧ TQ' ⟼Target* TQ'' ∧ (TP'', TQ'') ∈ TRel⇧+"
    proof (induct arbitrary: TQ')
      (* Base case: (TP, TQ) is a single TRel pair. *)
      fix TQ TQ'
      assume "(TP, TQ) ∈ TRel"
      with target have "(TargetTerm TP, TargetTerm TQ) ∈ Rel"
        by blast
      moreover assume "TQ ⟼Target* TQ'"
      hence "TargetTerm TQ ⟼(STCal Source Target)* (TargetTerm TQ')"
        by (simp add: STCal_steps)
      (* corSim provides derivatives P'' and Q'' of both embedded terms, related by Rel. *)
      ultimately obtain P'' Q'' where A2: "TargetTerm TP ⟼(STCal Source Target)* P''"
                                and A3: "TargetTerm TQ' ⟼(STCal Source Target)* Q''"
                                and A4: "(P'', Q'') ∈ Rel"
        using corSim
        by blast
      (* STCal_steps yields target terms TP'' and TQ'' standing for P'' and Q''. *)
      from A2 obtain TP'' where A5: "TP ⟼Target* TP''" and A6: "TP'' ∈T P''"
        by (auto simp add: STCal_steps)
      from A3 obtain TQ'' where A7: "TQ' ⟼Target* TQ''" and A8: "TQ'' ∈T Q''"
        by (auto simp add: STCal_steps)
      from A4 A6 A8 trel have "(TP'', TQ'') ∈ TRel⇧+"
        by blast
      with A5 A7 show "∃TP'' TQ''. TP ⟼Target* TP'' ∧ TQ' ⟼Target* TQ'' ∧ (TP'', TQ'') ∈ TRel⇧+"
        by blast
    next
      (* Step case: a closure pair (TP, TQ) extended by one TRel pair (TQ, TR). The first
         assumption is the induction hypothesis for (TP, TQ). *)
      case (step TQ TR TR')
      assume "⋀TQ'. TQ ⟼Target* TQ'⟹ ∃TP'' TQ''. TP ⟼Target* TP'' ∧ TQ' ⟼Target* TQ''
              ∧ (TP'', TQ'') ∈ TRel⇧+"
      (* The same condition for the single pair (TQ, TR), proved as in the base case. *)
      moreover assume "(TQ, TR) ∈ TRel"
      hence "⋀TR'. TR ⟼Target* TR'
             ⟶ (∃TQ'' TR''. TQ ⟼Target* TQ'' ∧ TR' ⟼Target* TR'' ∧ (TQ'', TR'') ∈ TRel⇧+)"
      proof clarify
        fix TR'
        assume "(TQ, TR) ∈ TRel"
        with target have "(TargetTerm TQ, TargetTerm TR) ∈ Rel"
          by simp
        moreover assume "TR ⟼Target* TR'"
        hence "TargetTerm TR ⟼(STCal Source Target)* (TargetTerm TR')"
          by (simp add: STCal_steps)
        ultimately obtain Q'' R'' where B1: "TargetTerm TQ ⟼(STCal Source Target)* Q''"
                                  and B2: "TargetTerm TR' ⟼(STCal Source Target)* R''"
                                  and B3: "(Q'', R'') ∈ Rel"
          using corSim
          by blast
        from B1 obtain TQ'' where B4: "TQ'' ∈T Q''" and B5: "TQ ⟼Target* TQ''"
          by (auto simp add: STCal_steps)
        from B2 obtain TR'' where B6: "TR'' ∈T R''" and B7: "TR' ⟼Target* TR''"
          by (auto simp add: STCal_steps)
        from B3 B4 B6 trel have "(TQ'', TR'') ∈ TRel⇧+"
          by simp
        with B5 B7 show "∃TQ'' TR''.
TQ ⟼Target* TQ'' ∧ TR' ⟼Target* TR'' ∧ (TQ'', TR'') ∈ TRel⇧+"
          by blast
      qed
      moreover have "trans (TRel⇧+)"
        by simp
      moreover assume "TR ⟼Target* TR'"
      (* The two conditions are composed by
         reduction_correspondence_simulation_condition_trans, which is given the
         simulation A and the transitivity of the closure. *)
      ultimately show "∃TP'' TR''. TP ⟼Target* TP'' ∧ TR' ⟼Target* TR'' ∧ (TP'', TR'') ∈ TRel⇧+"
        using A reduction_correspondence_simulation_condition_trans[where Rel="TRel⇧+"
                and Cal="Target"]
        by blast
    qed
  qed
  ultimately show ?thesis
    by simp
qed

(* Instance for Rel = indRelRTPO TRel: indRelRTPO.target and indRelRTPO_to_TRel(4) are
   supplied for the target and trel premises of the generic lemma. *)
lemma (in encoding) indRelRTPO_impl_TRel_is_weak_reduction_correspondence_simulation:
  fixes TRel :: "('procT × 'procT) set"
  assumes cSim: "weak_reduction_correspondence_simulation (indRelRTPO TRel)
                  (STCal Source Target)"
  shows "weak_reduction_correspondence_simulation (TRel⇧+) Target"
  using cSim indRelRTPO.target[where TRel="TRel"] indRelRTPO_to_TRel(4)[where TRel="TRel"]
        rel_with_target_impl_transC_TRel_is_weak_reduction_correspondence_simulation[where
          Rel="indRelRTPO TRel" and TRel="TRel"]
  by blast

(* Instance for Rel = indRelLTPO TRel, with the corresponding indRelLTPO facts. *)
lemma (in encoding) indRelLTPO_impl_TRel_is_weak_reduction_correspondence_simulation:
  fixes TRel :: "('procT × 'procT) set"
  assumes cSim: "weak_reduction_correspondence_simulation (indRelLTPO TRel)
                  (STCal Source Target)"
  shows "weak_reduction_correspondence_simulation (TRel⇧+) Target"
  using cSim indRelLTPO.target[where TRel="TRel"] indRelLTPO_to_TRel(4)[where TRel="TRel"]
        rel_with_target_impl_transC_TRel_is_weak_reduction_correspondence_simulation[where
          Rel="indRelLTPO TRel" and TRel="TRel"]
  by blast

(* Variant of the generic lemma in which trel and the conclusion use the
   reflexive-transitive closure of TRel. *)
lemma (in encoding) rel_with_target_impl_reflC_transC_TRel_is_weak_reduction_correspondence_simulation:
  fixes TRel :: "('procT × 'procT) set"
    and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set"
  assumes corSim: "weak_reduction_correspondence_simulation Rel (STCal Source Target)"
      and target: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel"
      and trel: "∀T1 T2.
(TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧*" shows "weak_reduction_correspondence_simulation (TRel⇧*) Target" proof - from corSim target trel have A: "weak_reduction_simulation (TRel⇧*) Target" using rel_with_target_impl_reflC_transC_TRel_is_weak_reduction_simulation[where TRel="TRel" and Rel="Rel"] by blast moreover have "∀P Q Q'. (P, Q) ∈ TRel⇧* ∧ Q ⟼Target* Q' ⟶ (∃P'' Q''. P ⟼Target* P'' ∧ Q' ⟼Target* Q'' ∧ (P'', Q'') ∈ TRel⇧*)" proof clarify fix TP TQ TQ' assume "(TP, TQ) ∈ TRel⇧*" and "TQ ⟼Target* TQ'" thus "∃TP'' TQ''. TP ⟼Target* TP'' ∧ TQ' ⟼Target* TQ'' ∧ (TP'', TQ'') ∈ TRel⇧*" proof (induct arbitrary: TQ') fix TQ' assume "TP ⟼Target* TQ'" moreover have "TQ' ⟼Target* TQ'" by (simp add: steps_refl) moreover have "(TQ', TQ') ∈ TRel⇧*" by simp ultimately show "∃TP'' TQ''. TP ⟼Target* TP'' ∧ TQ' ⟼Target* TQ'' ∧ (TP'', TQ'') ∈ TRel⇧*" by blast next case (step TQ TR TR') assume "⋀TQ'. TQ ⟼Target* TQ'⟹ ∃TP'' TQ''. TP ⟼Target* TP'' ∧ TQ' ⟼Target* TQ'' ∧ (TP'', TQ'') ∈ TRel⇧*" moreover assume "(TQ, TR) ∈ TRel" with corSim have "⋀TR'. TR ⟼Target* TR' ⟹ ∃TQ'' TR''. TQ ⟼Target* TQ'' ∧ TR' ⟼Target* TR'' ∧ (TQ'', TR'') ∈ TRel⇧*" proof clarify fix TR' assume "(TQ, TR) ∈ TRel" with target have "(TargetTerm TQ, TargetTerm TR) ∈ Rel" by simp moreover assume "TR ⟼Target* TR'" hence "TargetTerm TR ⟼(STCal Source Target)* (TargetTerm TR')" by (simp add: STCal_steps) ultimately obtain Q'' R'' where B1: "TargetTerm TQ ⟼(STCal Source Target)* Q''" and B2: "TargetTerm TR' ⟼(STCal Source Target)* R''" and B3: "(Q'', R'') ∈ Rel" using corSim by blast from B1 obtain TQ'' where B4: "TQ'' ∈T Q''" and B5: "TQ ⟼Target* TQ''" by (auto simp add: STCal_steps) from B2 obtain TR'' where B6: "TR'' ∈T R''" and B7: "TR' ⟼Target* TR''" by (auto simp add: STCal_steps) from B3 B4 B6 trel have "(TQ'', TR'') ∈ TRel⇧*" by simp with B5 B7 show "∃TQ'' TR''. 
TQ ⟼Target* TQ'' ∧ TR' ⟼Target* TR'' ∧ (TQ'', TR'') ∈ TRel⇧*" by blast qed moreover assume "TR ⟼Target* TR'" moreover have "trans (TRel⇧*)" using trans_rtrancl[of TRel] by simp ultimately show "∃TP'' TR''. TP ⟼Target* TP'' ∧ TR' ⟼Target* TR'' ∧ (TP'', TR'') ∈ TRel⇧*" using A reduction_correspondence_simulation_condition_trans[where Rel="TRel⇧*" and Cal="Target"] by blast qed qed ultimately show ?thesis by simp qed lemma (in encoding) indRelTEQ_impl_TRel_is_weak_reduction_correspondence_simulation: fixes TRel :: "('procT × 'procT) set" assumes corSim: "weak_reduction_correspondence_simulation (indRelTEQ TRel) (STCal Source Target)" shows "weak_reduction_correspondence_simulation (TRel⇧*) Target" using corSim indRelTEQ.target[where TRel="TRel"] indRelTEQ_to_TRel(4)[where TRel="TRel"] trans_closure_of_TRel_refl_cond rel_with_target_impl_reflC_transC_TRel_is_weak_reduction_correspondence_simulation[ where Rel="indRelTEQ TRel" and TRel="TRel"] by blast lemma (in encoding_wrt_barbs) indRelRTPO_impl_TRel_is_weak_barbed_correspondence_simulation: fixes TRel :: "('procT × 'procT) set" assumes corSim: "weak_barbed_correspondence_simulation (indRelRTPO TRel) (STCalWB SWB TWB)" shows "weak_barbed_correspondence_simulation (TRel⇧+) TWB" proof from corSim show "weak_reduction_correspondence_simulation (TRel⇧+) (Calculus TWB)" using indRelRTPO_impl_TRel_is_weak_reduction_correspondence_simulation[where TRel="TRel"] by (simp add: STCalWB_def calS calT) next from corSim show "rel_weakly_respects_barbs (TRel⇧+) TWB" using indRelRTPO_impl_TRel_weakly_respects_barbs[where TRel="TRel"] weak_respection_of_barbs_and_closures(3)[where Rel="TRel" and CWB="TWB"] by blast qed lemma (in encoding_wrt_barbs) indRelLTPO_impl_TRel_is_weak_barbed_correspondence_simulation: fixes TRel :: "('procT × 'procT) set" assumes corSim: "weak_barbed_correspondence_simulation (indRelLTPO TRel) (STCalWB SWB TWB)" shows "weak_barbed_correspondence_simulation (TRel⇧+) TWB" proof from corSim show 
"weak_reduction_correspondence_simulation (TRel⇧+) (Calculus TWB)" using indRelLTPO_impl_TRel_is_weak_reduction_correspondence_simulation[where TRel="TRel"] by (simp add: STCalWB_def calS calT) next from corSim show "rel_weakly_respects_barbs (TRel⇧+) TWB" using indRelLTPO_impl_TRel_weakly_respects_barbs[where TRel="TRel"] weak_respection_of_barbs_and_closures(3)[where Rel="TRel" and CWB="TWB"] by blast qed lemma (in encoding_wrt_barbs) indRelTEQ_impl_TRel_is_weak_barbed_correspondence_simulation: fixes TRel :: "('procT × 'procT) set" assumes corSim: "weak_barbed_correspondence_simulation (indRelTEQ TRel) (STCalWB SWB TWB)" shows "weak_barbed_correspondence_simulation (TRel⇧*) TWB" proof from corSim show "weak_reduction_correspondence_simulation (TRel⇧*) (Calculus TWB)" using indRelTEQ_impl_TRel_is_weak_reduction_correspondence_simulation[where TRel="TRel"] by (simp add: STCalWB_def calS calT) next from corSim show "rel_weakly_respects_barbs (TRel⇧*) TWB" using indRelTEQ_impl_TRel_weakly_respects_barbs[where TRel="TRel"] weak_respection_of_barbs_and_closures(5)[where Rel="TRel" and CWB="TWB"] by blast qed text ‹If indRelRTPO, indRelLTPO, or indRelTEQ is a bisimulation then so is the corresponding target term relation.› lemma (in encoding) rel_with_target_impl_transC_TRel_is_weak_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes bisim: "weak_reduction_bisimulation Rel (STCal Source Target)" and target: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and trel: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" shows "weak_reduction_bisimulation (TRel⇧+) Target" proof from bisim target trel show "weak_reduction_simulation (TRel⇧+) Target" using rel_with_target_impl_transC_TRel_is_weak_reduction_simulation[where TRel="TRel" and Rel="Rel"] by blast next show "∀P Q Q'. (P, Q) ∈ TRel⇧+ ∧ Q ⟼Target* Q' ⟶ (∃P'. 
P ⟼Target* P' ∧ (P', Q') ∈ TRel⇧+)" proof clarify fix TP TQ TQ' assume "(TP, TQ) ∈ TRel⇧+" and "TQ ⟼Target* TQ'" thus "∃TP'. TP ⟼Target* TP' ∧ (TP', TQ') ∈ TRel⇧+" proof (induct arbitrary: TQ') fix TQ TQ' assume "(TP, TQ) ∈ TRel" with target have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TQ ⟼Target* TQ'" hence "TargetTerm TQ ⟼(STCal Source Target)* (TargetTerm TQ')" by (simp add: STCal_steps) ultimately obtain P' where A2: "TargetTerm TP ⟼(STCal Source Target)* P'" and A3: "(P', TargetTerm TQ') ∈ Rel" using bisim by blast from A2 obtain TP' where A4: "TP ⟼Target* TP'" and A5: "TP' ∈T P'" by (auto simp add: STCal_steps) from A3 A5 trel have "(TP', TQ') ∈ TRel⇧+" by simp with A4 show "∃TP'. TP ⟼Target* TP' ∧ (TP', TQ') ∈ TRel⇧+" by blast next case (step TQ TR TR') assume "(TQ, TR) ∈ TRel" with target have "(TargetTerm TQ, TargetTerm TR) ∈ Rel" by simp moreover assume "TR ⟼Target* TR'" hence "TargetTerm TR ⟼(STCal Source Target)* (TargetTerm TR')" by (simp add: STCal_steps) ultimately obtain Q' where B1: "TargetTerm TQ ⟼(STCal Source Target)* Q'" and B2: "(Q', TargetTerm TR') ∈ Rel" using bisim by blast from B1 obtain TQ' where B3: "TQ' ∈T Q'" and B4: "TQ ⟼Target* TQ'" by (auto simp add: STCal_steps) assume "⋀TQ'. TQ ⟼Target* TQ' ⟹ ∃TP'. TP ⟼Target* TP' ∧ (TP', TQ') ∈ TRel⇧+" with B4 obtain TP' where B5: "TP ⟼Target* TP'" and B6: "(TP', TQ') ∈ TRel⇧+" by blast from B2 B3 trel have "(TQ', TR') ∈ TRel⇧+" by simp with B6 have "(TP', TR') ∈ TRel⇧+" by simp with B5 show "∃TP'. 
TP ⟼Target* TP' ∧ (TP', TR') ∈ TRel⇧+" by blast qed qed qed lemma (in encoding) indRelRTPO_impl_TRel_is_weak_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" assumes bisim: "weak_reduction_bisimulation (indRelRTPO TRel) (STCal Source Target)" shows "weak_reduction_bisimulation (TRel⇧+) Target" using bisim indRelRTPO.target[where TRel="TRel"] indRelRTPO_to_TRel(4)[where TRel="TRel"] rel_with_target_impl_transC_TRel_is_weak_reduction_bisimulation[where Rel="indRelRTPO TRel" and TRel="TRel"] by blast lemma (in encoding) indRelLTPO_impl_TRel_is_weak_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" assumes bisim: "weak_reduction_bisimulation (indRelLTPO TRel) (STCal Source Target)" shows "weak_reduction_bisimulation (TRel⇧+) Target" using bisim indRelLTPO.target[where TRel="TRel"] indRelLTPO_to_TRel(4)[where TRel="TRel"] rel_with_target_impl_transC_TRel_is_weak_reduction_bisimulation[where Rel="indRelLTPO TRel" and TRel="TRel"] by blast lemma (in encoding) rel_with_target_impl_reflC_transC_TRel_is_weak_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes bisim: "weak_reduction_bisimulation Rel (STCal Source Target)" and target: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and trel: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧*" shows "weak_reduction_bisimulation (TRel⇧*) Target" proof from bisim target trel show "weak_reduction_simulation (TRel⇧*) Target" using rel_with_target_impl_reflC_transC_TRel_is_weak_reduction_simulation[where TRel="TRel" and Rel="Rel"] by blast next show "∀P Q Q'. (P, Q) ∈ TRel⇧* ∧ Q ⟼Target* Q' ⟶ (∃P'. P ⟼Target* P' ∧ (P', Q') ∈ TRel⇧*)" proof clarify fix TP TQ TQ' assume "(TP, TQ) ∈ TRel⇧*" and "TQ ⟼Target* TQ'" thus "∃TP'. TP ⟼Target* TP' ∧ (TP', TQ') ∈ TRel⇧*" proof (induct arbitrary: TQ') fix TQ' assume "TP ⟼Target* TQ'" moreover have "(TQ', TQ') ∈ TRel⇧*" by simp ultimately show "∃TP'. 
TP ⟼Target* TP' ∧ (TP', TQ') ∈ TRel⇧*" by blast next case (step TQ TR TR') assume "(TQ, TR) ∈ TRel" with target have "(TargetTerm TQ, TargetTerm TR) ∈ Rel" by simp moreover assume "TR ⟼Target* TR'" hence "TargetTerm TR ⟼(STCal Source Target)* (TargetTerm TR')" by (simp add: STCal_steps) ultimately obtain Q' where B1: "TargetTerm TQ ⟼(STCal Source Target)* Q'" and B2: "(Q', TargetTerm TR') ∈ Rel" using bisim by blast from B1 obtain TQ' where B3: "TQ' ∈T Q'" and B4: "TQ ⟼Target* TQ'" by (auto simp add: STCal_steps) assume "⋀TQ'. TQ ⟼Target* TQ' ⟹ ∃TP'. TP ⟼Target* TP' ∧ (TP', TQ') ∈ TRel⇧*" with B4 obtain TP' where B5: "TP ⟼Target* TP'" and B6: "(TP', TQ') ∈ TRel⇧*" by blast from B2 B3 trel have "(TQ', TR') ∈ TRel⇧*" by simp with B6 have "(TP', TR') ∈ TRel⇧*" by simp with B5 show "∃TP'. TP ⟼Target* TP' ∧ (TP', TR') ∈ TRel⇧*" by blast qed qed qed lemma (in encoding) indRelTEQ_impl_TRel_is_weak_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" assumes bisim: "weak_reduction_bisimulation (indRelTEQ TRel) (STCal Source Target)" shows "weak_reduction_bisimulation (TRel⇧*) Target" using bisim indRelTEQ.target[where TRel="TRel"] indRelTEQ_to_TRel(4)[where TRel="TRel"] trans_closure_of_TRel_refl_cond rel_with_target_impl_reflC_transC_TRel_is_weak_reduction_bisimulation[where Rel="indRelTEQ TRel" and TRel="TRel"] by blast lemma (in encoding) rel_with_target_impl_transC_TRel_is_strong_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes bisim: "strong_reduction_bisimulation Rel (STCal Source Target)" and target: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and trel: "∀T1 T2. 
(TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" shows "strong_reduction_bisimulation (TRel⇧+) Target" proof from bisim target trel show "strong_reduction_simulation (TRel⇧+) Target" using rel_with_target_impl_transC_TRel_is_strong_reduction_simulation[where Rel="Rel" and TRel="TRel"] by blast next show "∀P Q Q'. (P, Q) ∈ TRel⇧+ ∧ Q ⟼Target Q' ⟶ (∃P'. P ⟼Target P' ∧ (P', Q') ∈ TRel⇧+)" proof clarify fix TP TQ TQ' assume "(TP, TQ) ∈ TRel⇧+" and "TQ ⟼Target TQ'" thus "∃TP'. TP ⟼Target TP' ∧ (TP', TQ') ∈ TRel⇧+" proof (induct arbitrary: TQ') fix TQ TQ' assume "(TP, TQ) ∈ TRel" with target have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TQ ⟼Target TQ'" hence "TargetTerm TQ ⟼(STCal Source Target) (TargetTerm TQ')" by (simp add: STCal_step) ultimately obtain P' where A2: "TargetTerm TP ⟼(STCal Source Target) P'" and A3: "(P', TargetTerm TQ') ∈ Rel" using bisim by blast from A2 obtain TP' where A4: "TP ⟼Target TP'" and A5: "TP' ∈T P'" by (auto simp add: STCal_step) from A3 A5 trel have "(TP', TQ') ∈ TRel⇧+" by simp with A4 show "∃TP'. TP ⟼Target TP' ∧ (TP', TQ') ∈ TRel⇧+" by blast next case (step TQ TR TR') assume "(TQ, TR) ∈ TRel" with target have "(TargetTerm TQ, TargetTerm TR) ∈ Rel" by simp moreover assume "TR ⟼Target TR'" hence "TargetTerm TR ⟼(STCal Source Target) (TargetTerm TR')" by (simp add: STCal_step) ultimately obtain Q' where B1: "TargetTerm TQ ⟼(STCal Source Target) Q'" and B2: "(Q', TargetTerm TR') ∈ Rel" using bisim by blast from B1 obtain TQ' where B3: "TQ' ∈T Q'" and B4: "TQ ⟼Target TQ'" by (auto simp add: STCal_step) assume "⋀TQ'. TQ ⟼Target TQ' ⟹ ∃TP'. TP ⟼Target TP' ∧ (TP', TQ') ∈ TRel⇧+" with B4 obtain TP' where B5: "TP ⟼Target TP'" and B6: "(TP', TQ') ∈ TRel⇧+" by blast from B2 B3 trel have "(TQ', TR') ∈ TRel⇧+" by simp with B6 have "(TP', TR') ∈ TRel⇧+" by simp with B5 show "∃TP'. 
TP ⟼Target TP' ∧ (TP', TR') ∈ TRel⇧+" by blast qed qed qed lemma (in encoding) indRelRTPO_impl_TRel_is_strong_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" assumes bisim: "strong_reduction_bisimulation (indRelRTPO TRel) (STCal Source Target)" shows "strong_reduction_bisimulation (TRel⇧+) Target" using bisim indRelRTPO.target[where TRel="TRel"] indRelRTPO_to_TRel(4)[where TRel="TRel"] rel_with_target_impl_transC_TRel_is_strong_reduction_bisimulation[where Rel="indRelRTPO TRel" and TRel="TRel"] by blast lemma (in encoding) indRelLTPO_impl_TRel_is_strong_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" assumes bisim: "strong_reduction_bisimulation (indRelLTPO TRel) (STCal Source Target)" shows "strong_reduction_bisimulation (TRel⇧+) Target" using bisim indRelLTPO.target[where TRel="TRel"] indRelLTPO_to_TRel(4)[where TRel="TRel"] rel_with_target_impl_transC_TRel_is_strong_reduction_bisimulation[where Rel="indRelLTPO TRel" and TRel="TRel"] by blast lemma (in encoding) rel_with_target_impl_reflC_transC_TRel_is_strong_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes bisim: "strong_reduction_bisimulation Rel (STCal Source Target)" and target: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and trel: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧*" shows "strong_reduction_bisimulation (TRel⇧*) Target" proof from bisim target trel show "strong_reduction_simulation (TRel⇧*) Target" using rel_with_target_impl_reflC_transC_TRel_is_strong_reduction_simulation[where Rel="Rel" and TRel="TRel"] by blast next show "∀P Q Q'. (P, Q) ∈ TRel⇧* ∧ Q ⟼Target Q' ⟶ (∃P'. P ⟼Target P' ∧ (P', Q') ∈ TRel⇧*)" proof clarify fix TP TQ TQ' assume "(TP, TQ) ∈ TRel⇧*" and "TQ ⟼Target TQ'" thus "∃TP'. TP ⟼Target TP' ∧ (TP', TQ') ∈ TRel⇧*" proof (induct arbitrary: TQ') fix TQ' assume "TP ⟼Target TQ'" thus "∃TP'. 
TP ⟼Target TP' ∧ (TP', TQ') ∈ TRel⇧*" by blast next case (step TQ TR TR') assume "(TQ, TR) ∈ TRel" with target have "(TargetTerm TQ, TargetTerm TR) ∈ Rel" by simp moreover assume "TR ⟼Target TR'" hence "TargetTerm TR ⟼(STCal Source Target) (TargetTerm TR')" by (simp add: STCal_step) ultimately obtain Q' where B1: "TargetTerm TQ ⟼(STCal Source Target) Q'" and B2: "(Q', TargetTerm TR') ∈ Rel" using bisim by blast from B1 obtain TQ' where B3: "TQ' ∈T Q'" and B4: "TQ ⟼Target TQ'" by (auto simp add: STCal_step) assume "⋀TQ'. TQ ⟼Target TQ' ⟹ ∃TP'. TP ⟼Target TP' ∧ (TP', TQ') ∈ TRel⇧*" with B4 obtain TP' where B5: "TP ⟼Target TP'" and B6: "(TP', TQ') ∈ TRel⇧*" by blast from B2 B3 trel have "(TQ', TR') ∈ TRel⇧*" by simp with B6 have "(TP', TR') ∈ TRel⇧*" by simp with B5 show "∃TP'. TP ⟼Target TP' ∧ (TP', TR') ∈ TRel⇧*" by blast qed qed qed lemma (in encoding) indRelTEQ_impl_TRel_is_strong_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" assumes bisim: "strong_reduction_bisimulation (indRelTEQ TRel) (STCal Source Target)" shows "strong_reduction_bisimulation (TRel⇧*) Target" using bisim indRelTEQ.target[where TRel="TRel"] indRelTEQ_to_TRel(4)[where TRel="TRel"] trans_closure_of_TRel_refl_cond rel_with_target_impl_reflC_transC_TRel_is_strong_reduction_bisimulation[where Rel="indRelTEQ TRel" and TRel="TRel"] by blast lemma (in encoding_wrt_barbs) indRelRTPO_impl_TRel_is_weak_barbed_bisimulation: fixes TRel :: "('procT × 'procT) set" assumes bisim: "weak_barbed_bisimulation (indRelRTPO TRel) (STCalWB SWB TWB)" shows "weak_barbed_bisimulation (TRel⇧+) TWB" proof from bisim show "weak_reduction_bisimulation (TRel⇧+) (Calculus TWB)" using indRelRTPO_impl_TRel_is_weak_reduction_bisimulation[where TRel="TRel"] by (simp add: STCalWB_def calS calT) next from bisim show "rel_weakly_respects_barbs (TRel⇧+) TWB" using indRelRTPO_impl_TRel_weakly_respects_barbs[where TRel="TRel"] weak_respection_of_barbs_and_closures(3)[where Rel="TRel" and CWB="TWB"] by blast qed lemma (in 
encoding_wrt_barbs) indRelLTPO_impl_TRel_is_weak_barbed_bisimulation: fixes TRel :: "('procT × 'procT) set" assumes bisim: "weak_barbed_bisimulation (indRelLTPO TRel) (STCalWB SWB TWB)" shows "weak_barbed_bisimulation (TRel⇧+) TWB" proof from bisim show "weak_reduction_bisimulation (TRel⇧+) (Calculus TWB)" using indRelLTPO_impl_TRel_is_weak_reduction_bisimulation[where TRel="TRel"] by (simp add: STCalWB_def calS calT) next from bisim show "rel_weakly_respects_barbs (TRel⇧+) TWB" using indRelLTPO_impl_TRel_weakly_respects_barbs[where TRel="TRel"] weak_respection_of_barbs_and_closures(3)[where Rel="TRel" and CWB="TWB"] by blast qed lemma (in encoding_wrt_barbs) indRelTEQ_impl_TRel_is_weak_barbed_bisimulation: fixes TRel :: "('procT × 'procT) set" assumes bisim: "weak_barbed_bisimulation (indRelTEQ TRel) (STCalWB SWB TWB)" shows "weak_barbed_bisimulation (TRel⇧*) TWB" proof from bisim show "weak_reduction_bisimulation (TRel⇧*) (Calculus TWB)" using indRelTEQ_impl_TRel_is_weak_reduction_bisimulation[where TRel="TRel"] by (simp add: STCalWB_def calS calT) next from bisim show "rel_weakly_respects_barbs (TRel⇧*) TWB" using indRelTEQ_impl_TRel_weakly_respects_barbs[where TRel="TRel"] weak_respection_of_barbs_and_closures(5)[where Rel="TRel" and CWB="TWB"] by blast qed lemma (in encoding_wrt_barbs) indRelRTPO_impl_TRel_is_strong_barbed_bisimulation: fixes TRel :: "('procT × 'procT) set" assumes bisim: "strong_barbed_bisimulation (indRelRTPO TRel) (STCalWB SWB TWB)" shows "strong_barbed_bisimulation (TRel⇧+) TWB" proof from bisim show "strong_reduction_bisimulation (TRel⇧+) (Calculus TWB)" using indRelRTPO_impl_TRel_is_strong_reduction_bisimulation[where TRel="TRel"] by (simp add: STCalWB_def calS calT) next from bisim show "rel_respects_barbs (TRel⇧+) TWB" using indRelRTPO_impl_TRel_respects_barbs[where TRel="TRel"] respection_of_barbs_and_closures(3)[where Rel="TRel" and CWB="TWB"] by blast qed lemma (in encoding_wrt_barbs) 
indRelLTPO_impl_TRel_is_strong_barbed_bisimulation: fixes TRel :: "('procT × 'procT) set" assumes bisim: "strong_barbed_bisimulation (indRelLTPO TRel) (STCalWB SWB TWB)" shows "strong_barbed_bisimulation (TRel⇧+) TWB" proof from bisim refl show "strong_reduction_bisimulation (TRel⇧+) (Calculus TWB)" using indRelLTPO_impl_TRel_is_strong_reduction_bisimulation[where TRel="TRel"] by (simp add: STCalWB_def calS calT) next from bisim show "rel_respects_barbs (TRel⇧+) TWB" using indRelLTPO_impl_TRel_respects_barbs[where TRel="TRel"] respection_of_barbs_and_closures(3)[where Rel="TRel" and CWB="TWB"] by blast qed lemma (in encoding_wrt_barbs) indRelTEQ_impl_TRel_is_strong_barbed_bisimulation: fixes TRel :: "('procT × 'procT) set" assumes bisim: "strong_barbed_bisimulation (indRelTEQ TRel) (STCalWB SWB TWB)" shows "strong_barbed_bisimulation (TRel⇧*) TWB" proof from bisim refl show "strong_reduction_bisimulation (TRel⇧*) (Calculus TWB)" using indRelTEQ_impl_TRel_is_strong_reduction_bisimulation[where TRel="TRel"] by (simp add: STCalWB_def calS calT) next from bisim show "rel_respects_barbs (TRel⇧*) TWB" using indRelTEQ_impl_TRel_respects_barbs[where TRel="TRel"] respection_of_barbs_and_closures(5)[where Rel="TRel" and CWB="TWB"] by blast qed subsection ‹Relations Induced by the Encoding and Relations on Source Terms and Target Terms› text ‹Some encodability criteria, e.g. full abstraction, are defined w.r.t. a relation on source terms and a relation on target terms. 
To analyse such criteria we include these two relations in the considered relation on the disjoint union of source and target terms.›

(* indRelRST SRel TRel: a relation on the disjoint union of source and target terms.
   encR relates every source term S to its encoding ⟦S⟧ (source-to-target direction only);
   source and target lift the pairs of SRel and TRel to SourceTerm and TargetTerm. *)
inductive_set (in encoding) indRelRST
    :: "('procS × 'procS) set ⇒ ('procT × 'procT) set ⇒ ((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set"
    for SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  where
  encR: "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelRST SRel TRel" |
  source: "(S1, S2) ∈ SRel ⟹ (SourceTerm S1, SourceTerm S2) ∈ indRelRST SRel TRel" |
  target: "(T1, T2) ∈ TRel ⟹ (TargetTerm T1, TargetTerm T2) ∈ indRelRST SRel TRel"

(* Infix notation for membership in indRelRST SRel TRel. *)
abbreviation (in encoding) indRelRSTinfix
    :: "('procS, 'procT) Proc ⇒ ('procS × 'procS) set ⇒ ('procT × 'procT) set ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ℛ⟦⋅⟧R<_,_> _" [75, 75, 75, 75] 80)
  where
  "P ℛ⟦⋅⟧R<SRel,TRel> Q ≡ (P, Q) ∈ indRelRST SRel TRel"

(* indRelRSTPO SRel TRel: the same three rules as indRelRST plus the rule trans,
   so the relation is closed under transitivity by construction. *)
inductive_set (in encoding) indRelRSTPO
    :: "('procS × 'procS) set ⇒ ('procT × 'procT) set ⇒ ((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set"
    for SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  where
  encR: "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelRSTPO SRel TRel" |
  source: "(S1, S2) ∈ SRel ⟹ (SourceTerm S1, SourceTerm S2) ∈ indRelRSTPO SRel TRel" |
  target: "(T1, T2) ∈ TRel ⟹ (TargetTerm T1, TargetTerm T2) ∈ indRelRSTPO SRel TRel" |
  trans: "⟦(P, Q) ∈ indRelRSTPO SRel TRel; (Q, R) ∈ indRelRSTPO SRel TRel⟧ ⟹ (P, R) ∈ indRelRSTPO SRel TRel"

(* Infix notation for membership in indRelRSTPO SRel TRel. *)
abbreviation (in encoding) indRelRSTPOinfix
    :: "('procS, 'procT) Proc ⇒ ('procS × 'procS) set ⇒ ('procT × 'procT) set ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ≲⟦⋅⟧R<_,_> _" [75, 75, 75, 75] 80)
  where
  "P ≲⟦⋅⟧R<SRel,TRel> Q ≡ (P, Q) ∈ indRelRSTPO SRel TRel"

(* If SRel and TRel are both reflexive, then indRelRSTPO SRel TRel is reflexive.
   The proof distinguishes whether P is a source term or a target term and uses
   the rule source with reflS, respectively the rule target with reflT. *)
lemma (in encoding) indRelRSTPO_refl:
  fixes SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  assumes reflS: "refl SRel"
      and reflT: "refl TRel"
  shows "refl (indRelRSTPO SRel TRel)"
    unfolding refl_on_def
proof auto
  fix P
  show "P ≲⟦⋅⟧R<SRel,TRel> P"
  proof (cases P)
    case (SourceTerm SP)
    assume "SP ∈S P"
    with reflS show "P 
≲⟦⋅⟧R<SRel,TRel> P"
      unfolding refl_on_def
      by (simp add: indRelRSTPO.source)
  next
    case (TargetTerm TP)
    assume "TP ∈T P"
    with reflT show "P ≲⟦⋅⟧R<SRel,TRel> P"
      unfolding refl_on_def
      by (simp add: indRelRSTPO.target)
  qed
qed

(* indRelRSTPO SRel TRel is transitive; this is exactly the rule trans of its definition. *)
lemma (in encoding) indRelRSTPO_trans:
  fixes SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  shows "trans (indRelRSTPO SRel TRel)"
    unfolding trans_def
proof clarify
  fix P Q R
  assume "P ≲⟦⋅⟧R<SRel,TRel> Q" and "Q ≲⟦⋅⟧R<SRel,TRel> R"
  thus "P ≲⟦⋅⟧R<SRel,TRel> R"
    by (rule indRelRSTPO.trans)
qed

(* For reflexive SRel and TRel, indRelRSTPO SRel TRel coincides with the reflexive and
   transitive closure of indRelRST SRel TRel. Both inclusions are shown by induction. *)
lemma (in encoding) refl_trans_closure_of_indRelRST:
  fixes SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  assumes reflS: "refl SRel"
      and reflT: "refl TRel"
  shows "indRelRSTPO SRel TRel = (indRelRST SRel TRel)⇧*"
proof auto
  (* Inclusion from left to right: induction over the rules of indRelRSTPO. *)
  fix P Q
  assume "P ≲⟦⋅⟧R<SRel,TRel> Q"
  thus "(P, Q) ∈ (indRelRST SRel TRel)⇧*"
  proof induct
    case (encR S)
    show "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ (indRelRST SRel TRel)⇧*"
      using indRelRST.encR[of S SRel TRel]
      by simp
  next
    case (source S1 S2)
    assume "(S1, S2) ∈ SRel"
    thus "(SourceTerm S1, SourceTerm S2) ∈ (indRelRST SRel TRel)⇧*"
      using indRelRST.source[of S1 S2 SRel TRel]
      by simp
  next
    case (target T1 T2)
    assume "(T1, T2) ∈ TRel"
    thus "(TargetTerm T1, TargetTerm T2) ∈ (indRelRST SRel TRel)⇧*"
      using indRelRST.target[of T1 T2 TRel SRel]
      by simp
  next
    case (trans P Q R)
    assume "(P, Q) ∈ (indRelRST SRel TRel)⇧*" and "(Q, R) ∈ (indRelRST SRel TRel)⇧*"
    thus "(P, R) ∈ (indRelRST SRel TRel)⇧*"
      by simp
  qed
next
  (* Inclusion from right to left: induction over the closure. The base case is
     reflexivity (indRelRSTPO_refl); in the step case the single indRelRST step is
     turned into an indRelRSTPO step by the introduction rules and appended with trans. *)
  fix P Q
  assume "(P, Q) ∈ (indRelRST SRel TRel)⇧*"
  thus "P ≲⟦⋅⟧R<SRel,TRel> Q"
  proof induct
    from reflS reflT show "P ≲⟦⋅⟧R<SRel,TRel> P"
      using indRelRSTPO_refl[of SRel TRel]
      unfolding refl_on_def
      by simp
  next
    case (step Q R)
    assume "P ≲⟦⋅⟧R<SRel,TRel> Q"
    moreover assume "Q ℛ⟦⋅⟧R<SRel,TRel> R"
    hence "Q ≲⟦⋅⟧R<SRel,TRel> R"
      by (induct, simp_all add: indRelRSTPO.intros)
    ultimately show "P ≲⟦⋅⟧R<SRel,TRel> R"
      by (rule indRelRSTPO.trans)
  qed
qed

(* indRelLST SRel TRel: counterpart of indRelRST in the other direction. encL relates the
   encoding ⟦S⟧ of every source term S to S; source and target lift SRel and TRel as before. *)
inductive_set (in encoding) indRelLST
    :: "('procS × 'procS) set ⇒ 
('procT × 'procT) set ⇒ ((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set"
    for SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  where
  encL: "(TargetTerm (⟦S⟧), SourceTerm S) ∈ indRelLST SRel TRel" |
  source: "(S1, S2) ∈ SRel ⟹ (SourceTerm S1, SourceTerm S2) ∈ indRelLST SRel TRel" |
  target: "(T1, T2) ∈ TRel ⟹ (TargetTerm T1, TargetTerm T2) ∈ indRelLST SRel TRel"

(* Infix notation for membership in indRelLST SRel TRel. *)
abbreviation (in encoding) indRelLSTinfix
    :: "('procS, 'procT) Proc ⇒ ('procS × 'procS) set ⇒ ('procT × 'procT) set ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ℛ⟦⋅⟧L<_,_> _" [75, 75, 75, 75] 80)
  where
  "P ℛ⟦⋅⟧L<SRel,TRel> Q ≡ (P, Q) ∈ indRelLST SRel TRel"

(* indRelLSTPO SRel TRel: the rules of indRelLST plus the rule trans. *)
inductive_set (in encoding) indRelLSTPO
    :: "('procS × 'procS) set ⇒ ('procT × 'procT) set ⇒ ((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set"
    for SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  where
  encL: "(TargetTerm (⟦S⟧), SourceTerm S) ∈ indRelLSTPO SRel TRel" |
  source: "(S1, S2) ∈ SRel ⟹ (SourceTerm S1, SourceTerm S2) ∈ indRelLSTPO SRel TRel" |
  target: "(T1, T2) ∈ TRel ⟹ (TargetTerm T1, TargetTerm T2) ∈ indRelLSTPO SRel TRel" |
  trans: "⟦(P, Q) ∈ indRelLSTPO SRel TRel; (Q, R) ∈ indRelLSTPO SRel TRel⟧ ⟹ (P, R) ∈ indRelLSTPO SRel TRel"

(* Infix notation for membership in indRelLSTPO SRel TRel. *)
abbreviation (in encoding) indRelLSTPOinfix
    :: "('procS, 'procT) Proc ⇒ ('procS × 'procS) set ⇒ ('procT × 'procT) set ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ≲⟦⋅⟧L<_,_> _" [75, 75, 75, 75] 80)
  where
  "P ≲⟦⋅⟧L<SRel,TRel> Q ≡ (P, Q) ∈ indRelLSTPO SRel TRel"

(* If SRel and TRel are both reflexive, then indRelLSTPO SRel TRel is reflexive
   (case distinction on P, using the rules source and target). *)
lemma (in encoding) indRelLSTPO_refl:
  fixes SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  assumes reflS: "refl SRel"
      and reflT: "refl TRel"
  shows "refl (indRelLSTPO SRel TRel)"
    unfolding refl_on_def
proof auto
  fix P
  show "P ≲⟦⋅⟧L<SRel,TRel> P"
  proof (cases P)
    case (SourceTerm SP)
    assume "SP ∈S P"
    with reflS show "P ≲⟦⋅⟧L<SRel,TRel> P"
      unfolding refl_on_def
      by (simp add: indRelLSTPO.source)
  next
    case (TargetTerm TP)
    assume "TP ∈T P"
    with reflT show "P ≲⟦⋅⟧L<SRel,TRel> P"
      unfolding refl_on_def
      by (simp add:
          indRelLSTPO.target)
  qed
qed

(* indRelLSTPO SRel TRel is transitive; this is exactly the rule trans of its definition. *)
lemma (in encoding) indRelLSTPO_trans:
  fixes SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  shows "trans (indRelLSTPO SRel TRel)"
    unfolding trans_def
proof clarify
  fix P Q R
  assume "P ≲⟦⋅⟧L<SRel,TRel> Q" and "Q ≲⟦⋅⟧L<SRel,TRel> R"
  thus "P ≲⟦⋅⟧L<SRel,TRel> R"
    by (rule indRelLSTPO.trans)
qed

(* For reflexive SRel and TRel, indRelLSTPO SRel TRel coincides with the reflexive and
   transitive closure of indRelLST SRel TRel. Both inclusions are shown by induction. *)
lemma (in encoding) refl_trans_closure_of_indRelLST:
  fixes SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  assumes reflS: "refl SRel"
      and reflT: "refl TRel"
  shows "indRelLSTPO SRel TRel = (indRelLST SRel TRel)⇧*"
proof auto
  (* Inclusion from left to right: induction over the rules of indRelLSTPO. *)
  fix P Q
  assume "P ≲⟦⋅⟧L<SRel,TRel> Q"
  thus "(P, Q) ∈ (indRelLST SRel TRel)⇧*"
  proof induct
    case (encL S)
    show "(TargetTerm (⟦S⟧), SourceTerm S) ∈ (indRelLST SRel TRel)⇧*"
      using indRelLST.encL[of S SRel TRel]
      by simp
  next
    case (source S1 S2)
    assume "(S1, S2) ∈ SRel"
    thus "(SourceTerm S1, SourceTerm S2) ∈ (indRelLST SRel TRel)⇧*"
      using indRelLST.source[of S1 S2 SRel TRel]
      by simp
  next
    case (target T1 T2)
    assume "(T1, T2) ∈ TRel"
    thus "(TargetTerm T1, TargetTerm T2) ∈ (indRelLST SRel TRel)⇧*"
      using indRelLST.target[of T1 T2 TRel SRel]
      by simp
  next
    case (trans P Q R)
    assume "(P, Q) ∈ (indRelLST SRel TRel)⇧*" and "(Q, R) ∈ (indRelLST SRel TRel)⇧*"
    thus "(P, R) ∈ (indRelLST SRel TRel)⇧*"
      by simp
  qed
next
  (* Inclusion from right to left: induction over the closure, with indRelLSTPO_refl for
     the base case and the introduction rules plus trans for the step case. *)
  fix P Q
  assume "(P, Q) ∈ (indRelLST SRel TRel)⇧*"
  thus "P ≲⟦⋅⟧L<SRel,TRel> Q"
  proof induct
    from reflS reflT show " P ≲⟦⋅⟧L<SRel,TRel> P"
      using indRelLSTPO_refl[of SRel TRel]
      unfolding refl_on_def
      by simp
  next
    case (step Q R)
    assume "P ≲⟦⋅⟧L<SRel,TRel> Q"
    moreover assume "Q ℛ⟦⋅⟧L<SRel,TRel> R"
    hence "Q ≲⟦⋅⟧L<SRel,TRel> R"
      by (induct, simp_all add: indRelLSTPO.intros)
    ultimately show "P ≲⟦⋅⟧L<SRel,TRel> R"
      by (rule indRelLSTPO.trans)
  qed
qed

(* indRelST SRel TRel: contains both directions between a source term and its encoding
   (encR and encL) and lifts SRel and TRel to SourceTerm and TargetTerm. *)
inductive_set (in encoding) indRelST
    :: "('procS × 'procS) set ⇒ ('procT × 'procT) set ⇒ ((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set"
    for SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  where
  encR: "(SourceTerm S, TargetTerm (⟦S⟧)) 
∈ indRelST SRel TRel" |
  encL: "(TargetTerm (⟦S⟧), SourceTerm S) ∈ indRelST SRel TRel" |
  source: "(S1, S2) ∈ SRel ⟹ (SourceTerm S1, SourceTerm S2) ∈ indRelST SRel TRel" |
  target: "(T1, T2) ∈ TRel ⟹ (TargetTerm T1, TargetTerm T2) ∈ indRelST SRel TRel"

(* Infix notation for membership in indRelST SRel TRel. *)
abbreviation (in encoding) indRelSTinfix
    :: "('procS, 'procT) Proc ⇒ ('procS × 'procS) set ⇒ ('procT × 'procT) set ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ℛ⟦⋅⟧<_,_> _" [75, 75, 75, 75] 80)
  where
  "P ℛ⟦⋅⟧<SRel,TRel> Q ≡ (P, Q) ∈ indRelST SRel TRel"

(* If SRel and TRel are symmetric, then so is indRelST SRel TRel. The rules encR and encL
   mirror each other; the source and target cases use symmetry of SRel and TRel. *)
lemma (in encoding) indRelST_symm:
  fixes SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  assumes symmS: "sym SRel"
      and symmT: "sym TRel"
  shows "sym (indRelST SRel TRel)"
    unfolding sym_def
proof clarify
  fix P Q
  assume "(P, Q) ∈ indRelST SRel TRel"
  thus "(Q, P) ∈ indRelST SRel TRel"
  proof induct
    case (encR S)
    show "(TargetTerm (⟦S⟧), SourceTerm S) ∈ indRelST SRel TRel"
      by (rule indRelST.encL)
  next
    case (encL S)
    show "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelST SRel TRel"
      by (rule indRelST.encR)
  next
    case (source S1 S2)
    assume "(S1, S2) ∈ SRel"
    with symmS show "(SourceTerm S2, SourceTerm S1) ∈ indRelST SRel TRel"
      unfolding sym_def
      by (simp add: indRelST.source)
  next
    case (target T1 T2)
    assume "(T1, T2) ∈ TRel"
    with symmT show "(TargetTerm T2, TargetTerm T1) ∈ indRelST SRel TRel"
      unfolding sym_def
      by (simp add: indRelST.target)
  qed
qed

(* indRelSTEQ SRel TRel: the rules of indRelST plus the rule trans. *)
inductive_set (in encoding) indRelSTEQ
    :: "('procS × 'procS) set ⇒ ('procT × 'procT) set ⇒ ((('procS, 'procT) Proc) × (('procS, 'procT) Proc)) set"
    for SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  where
  encR: "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelSTEQ SRel TRel" |
  encL: "(TargetTerm (⟦S⟧), SourceTerm S) ∈ indRelSTEQ SRel TRel" |
  source: "(S1, S2) ∈ SRel ⟹ (SourceTerm S1, SourceTerm S2) ∈ indRelSTEQ SRel TRel" |
  target: "(T1, T2) ∈ TRel ⟹ (TargetTerm T1, TargetTerm T2) ∈ indRelSTEQ SRel TRel" |
  trans: "⟦(P, Q) ∈ indRelSTEQ SRel TRel; (Q, R) ∈ indRelSTEQ SRel TRel⟧ ⟹ (P, R) ∈ indRelSTEQ SRel TRel"

(* Infix notation for membership in indRelSTEQ SRel TRel. *)
abbreviation
    (in encoding) indRelSTEQinfix
    :: "('procS, 'procT) Proc ⇒ ('procS × 'procS) set ⇒ ('procT × 'procT) set ⇒ ('procS, 'procT) Proc ⇒ bool" ("_ ∼⟦⋅⟧<_,_> _" [75, 75, 75, 75] 80)
  where
  "P ∼⟦⋅⟧<SRel,TRel> Q ≡ (P, Q) ∈ indRelSTEQ SRel TRel"

(* indRelSTEQ SRel TRel is reflexive as soon as TRel is reflexive; reflexivity of SRel
   is not assumed. For a source term SP the pair (SP, SP) is obtained by chaining
   encR and encL through the rule trans. *)
lemma (in encoding) indRelSTEQ_refl:
  fixes SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  assumes reflT: "refl TRel"
  shows "refl (indRelSTEQ SRel TRel)"
    unfolding refl_on_def
proof auto
  fix P
  show "P ∼⟦⋅⟧<SRel,TRel> P"
  proof (cases P)
    case (SourceTerm SP)
    assume "SP ∈S P"
    moreover have "SourceTerm SP ∼⟦⋅⟧<SRel,TRel> TargetTerm (⟦SP⟧)"
      by (rule indRelSTEQ.encR)
    moreover have "TargetTerm (⟦SP⟧) ∼⟦⋅⟧<SRel,TRel> SourceTerm SP"
      by (rule indRelSTEQ.encL)
    ultimately show "P ∼⟦⋅⟧<SRel,TRel> P"
      by (simp add: indRelSTEQ.trans[where P="SourceTerm SP" and Q="TargetTerm (⟦SP⟧)"])
  next
    case (TargetTerm TP)
    assume "TP ∈T P"
    with reflT show "P ∼⟦⋅⟧<SRel,TRel> P"
      unfolding refl_on_def
      by (simp add: indRelSTEQ.target)
  qed
qed

(* If SRel and TRel are symmetric, then so is indRelSTEQ SRel TRel. In the trans case the
   two induction hypotheses are composed in reversed order. *)
lemma (in encoding) indRelSTEQ_symm:
  fixes SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  assumes symmS: "sym SRel"
      and symmT: "sym TRel"
  shows "sym (indRelSTEQ SRel TRel)"
    unfolding sym_def
proof clarify
  fix P Q
  assume "P ∼⟦⋅⟧<SRel,TRel> Q"
  thus "Q ∼⟦⋅⟧<SRel,TRel> P"
  proof induct
    case (encR S)
    show "TargetTerm (⟦S⟧) ∼⟦⋅⟧<SRel,TRel> SourceTerm S"
      by (rule indRelSTEQ.encL)
  next
    case (encL S)
    show "SourceTerm S ∼⟦⋅⟧<SRel,TRel> TargetTerm (⟦S⟧)"
      by (rule indRelSTEQ.encR)
  next
    case (source S1 S2)
    assume "(S1, S2) ∈ SRel"
    with symmS show "SourceTerm S2 ∼⟦⋅⟧<SRel,TRel> SourceTerm S1"
      unfolding sym_def
      by (simp add: indRelSTEQ.source)
  next
    case (target T1 T2)
    assume "(T1, T2) ∈ TRel"
    with symmT show "TargetTerm T2 ∼⟦⋅⟧<SRel,TRel> TargetTerm T1"
      unfolding sym_def
      by (simp add: indRelSTEQ.target)
  next
    case (trans P Q R)
    assume "R ∼⟦⋅⟧<SRel,TRel> Q" and "Q ∼⟦⋅⟧<SRel,TRel> P"
    thus "R ∼⟦⋅⟧<SRel,TRel> P"
      by (rule indRelSTEQ.trans)
  qed
qed

(* indRelSTEQ SRel TRel is transitive; this is exactly the rule trans of its definition. *)
lemma (in encoding) indRelSTEQ_trans:
  fixes SRel :: "('procS × 
'procS) set"
    and TRel :: "('procT × 'procT) set"
  shows "trans (indRelSTEQ SRel TRel)"
    unfolding trans_def
proof clarify
  fix P Q R
  assume "P ∼⟦⋅⟧<SRel,TRel> Q" and "Q ∼⟦⋅⟧<SRel,TRel> R"
  thus "P ∼⟦⋅⟧<SRel,TRel> R"
    by (rule indRelSTEQ.trans)
qed

(* For reflexive TRel, indRelSTEQ SRel TRel coincides with the reflexive and transitive
   closure of indRelST SRel TRel. Both inclusions are shown by induction. *)
lemma (in encoding) refl_trans_closure_of_indRelST:
  fixes SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  assumes reflT: "refl TRel"
  shows "indRelSTEQ SRel TRel = (indRelST SRel TRel)⇧*"
proof auto
  (* Inclusion from left to right: induction over the rules of indRelSTEQ. *)
  fix P Q
  assume "P ∼⟦⋅⟧<SRel,TRel> Q"
  thus "(P, Q) ∈ (indRelST SRel TRel)⇧*"
  proof induct
    case (encR S)
    show "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ (indRelST SRel TRel)⇧*"
      using indRelST.encR[of S SRel TRel]
      by simp
  next
    case (encL S)
    show "(TargetTerm (⟦S⟧), SourceTerm S) ∈ (indRelST SRel TRel)⇧*"
      using indRelST.encL[of S SRel TRel]
      by simp
  next
    case (source S1 S2)
    assume "(S1, S2) ∈ SRel"
    thus "(SourceTerm S1, SourceTerm S2) ∈ (indRelST SRel TRel)⇧*"
      using indRelST.source[of S1 S2 SRel TRel]
      by simp
  next
    case (target T1 T2)
    assume "(T1, T2) ∈ TRel"
    thus "(TargetTerm T1, TargetTerm T2) ∈ (indRelST SRel TRel)⇧*"
      using indRelST.target[of T1 T2 TRel SRel]
      by simp
  next
    case (trans P Q R)
    assume "(P, Q) ∈ (indRelST SRel TRel)⇧*" and "(Q, R) ∈ (indRelST SRel TRel)⇧*"
    thus "(P, R) ∈ (indRelST SRel TRel)⇧*"
      by simp
  qed
next
  (* Inclusion from right to left: induction over the closure, with indRelSTEQ_refl for
     the base case and the introduction rules plus trans for the step case. *)
  fix P Q
  assume "(P, Q) ∈ (indRelST SRel TRel)⇧*"
  thus "P ∼⟦⋅⟧<SRel,TRel> Q"
  proof induct
    from reflT show "P ∼⟦⋅⟧<SRel,TRel> P"
      using indRelSTEQ_refl[of TRel SRel]
      unfolding refl_on_def
      by simp
  next
    case (step Q R)
    assume "P ∼⟦⋅⟧<SRel,TRel> Q"
    moreover assume "Q ℛ⟦⋅⟧<SRel,TRel> R"
    hence "Q ∼⟦⋅⟧<SRel,TRel> R"
      by (induct, simp_all add: indRelSTEQ.intros)
    ultimately show "P ∼⟦⋅⟧<SRel,TRel> R"
      by (rule indRelSTEQ.trans)
  qed
qed

(* States that, for reflexive TRel and symmetric SRel and TRel, indRelSTEQ SRel TRel equals
   the transitive closure of the symmetric closure of the reflexive closure of indRelST. *)
lemma (in encoding) refl_symm_trans_closure_of_indRelST:
  fixes SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  assumes reflT: "refl TRel"
      and symmS: "sym SRel"
      and symmT: "sym TRel"
  shows "indRelSTEQ SRel TRel = (symcl ((indRelST SRel TRel)⇧=))⇧+"
proof -
  have 
"(symcl ((indRelST SRel TRel)⇧=))⇧+ = (symcl (indRelST SRel TRel))⇧*" by (rule refl_symm_trans_closure_is_symm_refl_trans_closure[where Rel="indRelST SRel TRel"]) moreover from symmS symmT have "symcl (indRelST SRel TRel) = indRelST SRel TRel" using indRelST_symm[where SRel="SRel" and TRel="TRel"] symm_closure_of_symm_rel[where Rel="indRelST SRel TRel"] by blast ultimately show "indRelSTEQ SRel TRel = (symcl ((indRelST SRel TRel)⇧=))⇧+" using reflT refl_trans_closure_of_indRelST[where SRel="SRel" and TRel="TRel"] by simp qed lemma (in encoding) symm_closure_of_indRelRST: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes reflT: "refl TRel" and symmS: "sym SRel" and symmT: "sym TRel" shows "indRelST SRel TRel = symcl (indRelRST SRel TRel)" and "indRelSTEQ SRel TRel = (symcl ((indRelRST SRel TRel)⇧=))⇧+" proof - show "indRelST SRel TRel = symcl (indRelRST SRel TRel)" proof auto fix P Q assume "P ℛ⟦⋅⟧<SRel,TRel> Q" thus "(P, Q) ∈ symcl (indRelRST SRel TRel)" by (induct, simp_all add: symcl_def indRelRST.intros) next fix P Q assume "(P, Q) ∈ symcl (indRelRST SRel TRel)" thus "P ℛ⟦⋅⟧<SRel,TRel> Q" proof (auto simp add: symcl_def indRelRST.simps) fix S show "SourceTerm S ℛ⟦⋅⟧<SRel,TRel> TargetTerm (⟦S⟧)" by (rule indRelST.encR) next fix S1 S2 assume "(S1, S2) ∈ SRel" thus "SourceTerm S1 ℛ⟦⋅⟧<SRel,TRel> SourceTerm S2" by (rule indRelST.source) next fix T1 T2 assume "(T1, T2) ∈ TRel" thus "TargetTerm T1 ℛ⟦⋅⟧<SRel,TRel> TargetTerm T2" by (rule indRelST.target) next fix S show "TargetTerm (⟦S⟧) ℛ⟦⋅⟧<SRel,TRel> SourceTerm S" by (rule indRelST.encL) next fix S1 S2 assume "(S1, S2) ∈ SRel" with symmS show "SourceTerm S2 ℛ⟦⋅⟧<SRel,TRel> SourceTerm S1" unfolding sym_def by (simp add: indRelST.source) next fix T1 T2 assume "(T1, T2) ∈ TRel" with symmT show "(TargetTerm T2, TargetTerm T1) ∈ indRelST SRel TRel" unfolding sym_def by (simp add: indRelST.target) qed qed with reflT show "indRelSTEQ SRel TRel = (symcl ((indRelRST SRel TRel)⇧=))⇧+" using 
refl_symm_trans_closure_is_symm_refl_trans_closure[where Rel="indRelRST SRel TRel"] refl_trans_closure_of_indRelST by simp qed lemma (in encoding) symm_closure_of_indRelLST: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes reflT: "refl TRel" and symmS: "sym SRel" and symmT: "sym TRel" shows "indRelST SRel TRel = symcl (indRelLST SRel TRel)" and "indRelSTEQ SRel TRel = (symcl ((indRelLST SRel TRel)⇧=))⇧+" proof - show "indRelST SRel TRel = symcl (indRelLST SRel TRel)" proof auto fix P Q assume "P ℛ⟦⋅⟧<SRel,TRel> Q" thus "(P, Q) ∈ symcl (indRelLST SRel TRel)" by (induct, simp_all add: symcl_def indRelLST.intros) next fix P Q assume "(P, Q) ∈ symcl (indRelLST SRel TRel)" thus "P ℛ⟦⋅⟧<SRel,TRel> Q" proof (auto simp add: symcl_def indRelLST.simps) fix S show "SourceTerm S ℛ⟦⋅⟧<SRel,TRel> TargetTerm (⟦S⟧)" by (rule indRelST.encR) next fix S1 S2 assume "(S1, S2) ∈ SRel" thus "SourceTerm S1 ℛ⟦⋅⟧<SRel,TRel> SourceTerm S2" by (rule indRelST.source) next fix T1 T2 assume "(T1, T2) ∈ TRel" thus "TargetTerm T1 ℛ⟦⋅⟧<SRel,TRel> TargetTerm T2" by (rule indRelST.target) next fix S show "TargetTerm (⟦S⟧) ℛ⟦⋅⟧<SRel,TRel> SourceTerm S" by (rule indRelST.encL) next fix S1 S2 assume "(S1, S2) ∈ SRel" with symmS show "SourceTerm S2 ℛ⟦⋅⟧<SRel,TRel> SourceTerm S1" unfolding sym_def by (simp add: indRelST.source) next fix T1 T2 assume "(T1, T2) ∈ TRel" with symmT show "TargetTerm T2 ℛ⟦⋅⟧<SRel,TRel> TargetTerm T1" unfolding sym_def by (simp add: indRelST.target) qed qed with reflT show "indRelSTEQ SRel TRel = (symcl ((indRelLST SRel TRel)⇧=))⇧+" using refl_symm_trans_closure_is_symm_refl_trans_closure[where Rel="indRelLST SRel TRel"] refl_trans_closure_of_indRelST by simp qed lemma (in encoding) symm_trans_closure_of_indRelRSTPO: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes symmS: "sym SRel" and symmT: "sym TRel" shows "indRelSTEQ SRel TRel = (symcl (indRelRSTPO SRel TRel))⇧+" proof auto fix P Q assume "P ∼⟦⋅⟧<SRel,TRel> 
Q" thus "(P, Q) ∈ (symcl (indRelRSTPO SRel TRel))⇧+" proof induct case (encR S) show "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ (symcl (indRelRSTPO SRel TRel))⇧+" using indRelRSTPO.encR[of S SRel TRel] unfolding symcl_def by auto next case (encL S) show "(TargetTerm (⟦S⟧), SourceTerm S) ∈ (symcl (indRelRSTPO SRel TRel))⇧+" using indRelRSTPO.encR[of S SRel TRel] unfolding symcl_def by auto next case (source S1 S2) assume "(S1, S2) ∈ SRel" thus "(SourceTerm S1, SourceTerm S2) ∈ (symcl (indRelRSTPO SRel TRel))⇧+" using indRelRSTPO.source[of S1 S2 SRel TRel] unfolding symcl_def by auto next case (target T1 T2) assume "(T1, T2) ∈ TRel" thus "(TargetTerm T1, TargetTerm T2) ∈ (symcl (indRelRSTPO SRel TRel))⇧+" using indRelRSTPO.target[of T1 T2 TRel SRel] unfolding symcl_def by auto next case (trans P Q R) assume "(P, Q) ∈ (symcl (indRelRSTPO SRel TRel))⇧+" and "(Q, R) ∈ (symcl (indRelRSTPO SRel TRel))⇧+" thus "(P, R) ∈ (symcl (indRelRSTPO SRel TRel))⇧+" by simp qed next fix P Q assume "(P, Q) ∈ (symcl (indRelRSTPO SRel TRel))⇧+" thus "P ∼⟦⋅⟧<SRel,TRel> Q" proof induct fix Q assume "(P, Q) ∈ symcl (indRelRSTPO SRel TRel)" thus "P ∼⟦⋅⟧<SRel,TRel> Q" proof (cases "P ≲⟦⋅⟧R<SRel,TRel> Q", simp_all add: symcl_def) assume "P ≲⟦⋅⟧R<SRel,TRel> Q" thus "P ∼⟦⋅⟧<SRel,TRel> Q" proof induct case (encR S) show "SourceTerm S ∼⟦⋅⟧<SRel,TRel> TargetTerm (⟦S⟧)" by (rule indRelSTEQ.encR) next case (source S1 S2) assume "(S1, S2) ∈ SRel" thus "SourceTerm S1 ∼⟦⋅⟧<SRel,TRel> SourceTerm S2" by (rule indRelSTEQ.source) next case (target T1 T2) assume "(T1, T2) ∈ TRel" thus "TargetTerm T1 ∼⟦⋅⟧<SRel,TRel> TargetTerm T2" by (rule indRelSTEQ.target) next case (trans P Q R) assume "P ∼⟦⋅⟧<SRel,TRel> Q" and "Q ∼⟦⋅⟧<SRel,TRel> R" thus "P ∼⟦⋅⟧<SRel,TRel> R" by (rule indRelSTEQ.trans) qed next assume "Q ≲⟦⋅⟧R<SRel,TRel> P" thus "P ∼⟦⋅⟧<SRel,TRel> Q" proof induct case (encR S) show "TargetTerm (⟦S⟧) ∼⟦⋅⟧<SRel,TRel> SourceTerm S" by (rule indRelSTEQ.encL) next case (source S1 S2) assume "(S1, S2) ∈ SRel" with 
symmS show "SourceTerm S2 ∼⟦⋅⟧<SRel,TRel> SourceTerm S1" unfolding sym_def by (simp add: indRelSTEQ.source) next case (target T1 T2) assume "(T1, T2) ∈ TRel" with symmT show "TargetTerm T2 ∼⟦⋅⟧<SRel,TRel> TargetTerm T1" unfolding sym_def by (simp add: indRelSTEQ.target) next case (trans P Q R) assume "R ∼⟦⋅⟧<SRel,TRel> Q" and "Q ∼⟦⋅⟧<SRel,TRel> P" thus "R ∼⟦⋅⟧<SRel,TRel> P" by (rule indRelSTEQ.trans) qed qed next case (step Q R) assume "P ∼⟦⋅⟧<SRel,TRel> Q" moreover assume "(Q, R) ∈ symcl (indRelRSTPO SRel TRel)" hence "Q ∼⟦⋅⟧<SRel,TRel> R" proof (auto simp add: symcl_def) assume "Q ≲⟦⋅⟧R<SRel,TRel> R" thus "Q ∼⟦⋅⟧<SRel,TRel> R" proof (induct, simp add: indRelSTEQ.encR, simp add: indRelSTEQ.source, simp add: indRelSTEQ.target) case (trans P Q R) assume "P ∼⟦⋅⟧<SRel,TRel> Q" and "Q ∼⟦⋅⟧<SRel,TRel> R" thus "P ∼⟦⋅⟧<SRel,TRel> R" by (rule indRelSTEQ.trans) qed next assume "R ≲⟦⋅⟧R<SRel,TRel> Q" hence "R ∼⟦⋅⟧<SRel,TRel> Q" proof (induct, simp add: indRelSTEQ.encR, simp add: indRelSTEQ.source, simp add: indRelSTEQ.target) case (trans P Q R) assume "P ∼⟦⋅⟧<SRel,TRel> Q" and "Q ∼⟦⋅⟧<SRel,TRel> R" thus "P ∼⟦⋅⟧<SRel,TRel> R" by (rule indRelSTEQ.trans) qed with symmS symmT show "Q ∼⟦⋅⟧<SRel,TRel> R" using indRelSTEQ_symm[of SRel TRel] unfolding sym_def by blast qed ultimately show "P ∼⟦⋅⟧<SRel,TRel> R" by (rule indRelSTEQ.trans) qed qed lemma (in encoding) symm_trans_closure_of_indRelLSTPO: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes symmS: "sym SRel" and symmT: "sym TRel" shows "indRelSTEQ SRel TRel = (symcl (indRelLSTPO SRel TRel))⇧+" proof auto fix P Q assume "P ∼⟦⋅⟧<SRel,TRel> Q" thus "(P, Q) ∈ (symcl (indRelLSTPO SRel TRel))⇧+" proof induct case (encR S) show "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ (symcl (indRelLSTPO SRel TRel))⇧+" using indRelLSTPO.encL[of S SRel TRel] unfolding symcl_def by blast next case (encL S) show "(TargetTerm (⟦S⟧), SourceTerm S) ∈ (symcl (indRelLSTPO SRel TRel))⇧+" using indRelLSTPO.encL[of S SRel TRel] 
unfolding symcl_def by blast next case (source S1 S2) assume "(S1, S2) ∈ SRel" thus "(SourceTerm S1, SourceTerm S2) ∈ (symcl (indRelLSTPO SRel TRel))⇧+" using indRelLSTPO.source[of S1 S2 SRel TRel] unfolding symcl_def by blast next case (target T1 T2) assume "(T1, T2) ∈ TRel" thus "(TargetTerm T1, TargetTerm T2) ∈ (symcl (indRelLSTPO SRel TRel))⇧+" using indRelLSTPO.target[of T1 T2 TRel SRel] unfolding symcl_def by blast next case (trans P Q R) assume "(P, Q) ∈ (symcl (indRelLSTPO SRel TRel))⇧+" and "(Q, R) ∈ (symcl (indRelLSTPO SRel TRel))⇧+" thus "(P, R) ∈ (symcl (indRelLSTPO SRel TRel))⇧+" by simp qed next fix P Q assume "(P, Q) ∈ (symcl (indRelLSTPO SRel TRel))⇧+" thus "P ∼⟦⋅⟧<SRel,TRel> Q" proof induct fix Q assume "(P, Q) ∈ symcl (indRelLSTPO SRel TRel)" thus "P ∼⟦⋅⟧<SRel,TRel> Q" unfolding symcl_def proof auto assume "P ≲⟦⋅⟧L<SRel,TRel> Q" thus "P ∼⟦⋅⟧<SRel,TRel> Q" proof (induct, simp add: indRelSTEQ.encL, simp add: indRelSTEQ.source, simp add: indRelSTEQ.target) case (trans P Q R) assume "P ∼⟦⋅⟧<SRel,TRel> Q" and "Q ∼⟦⋅⟧<SRel,TRel> R" thus "P ∼⟦⋅⟧<SRel,TRel> R" by (rule indRelSTEQ.trans) qed next assume "Q ≲⟦⋅⟧L<SRel,TRel> P" hence "Q ∼⟦⋅⟧<SRel,TRel> P" proof (induct, simp add: indRelSTEQ.encL, simp add: indRelSTEQ.source, simp add: indRelSTEQ.target) case (trans P Q R) assume "P ∼⟦⋅⟧<SRel,TRel> Q" and "Q ∼⟦⋅⟧<SRel,TRel> R" thus "P ∼⟦⋅⟧<SRel,TRel> R" by (rule indRelSTEQ.trans) qed with symmS symmT show "P ∼⟦⋅⟧<SRel,TRel> Q" using indRelSTEQ_symm[of SRel TRel] unfolding sym_def by blast qed next case (step Q R) assume "P ∼⟦⋅⟧<SRel,TRel> Q" moreover assume "(Q, R) ∈ symcl (indRelLSTPO SRel TRel)" hence "Q ∼⟦⋅⟧<SRel,TRel> R" unfolding symcl_def proof auto assume "Q ≲⟦⋅⟧L<SRel,TRel> R" thus "Q ∼⟦⋅⟧<SRel,TRel> R" proof (induct, simp add: indRelSTEQ.encL, simp add: indRelSTEQ.source, simp add: indRelSTEQ.target) case (trans P Q R) assume "P ∼⟦⋅⟧<SRel,TRel> Q" and "Q ∼⟦⋅⟧<SRel,TRel> R" thus "P ∼⟦⋅⟧<SRel,TRel> R" by (rule indRelSTEQ.trans) qed next assume "R 
≲⟦⋅⟧L<SRel,TRel> Q" hence "R ∼⟦⋅⟧<SRel,TRel> Q" proof (induct, simp add: indRelSTEQ.encL, simp add: indRelSTEQ.source, simp add: indRelSTEQ.target) case (trans P Q R) assume "P ∼⟦⋅⟧<SRel,TRel> Q" and "Q ∼⟦⋅⟧<SRel,TRel> R" thus "P ∼⟦⋅⟧<SRel,TRel> R" by (rule indRelSTEQ.trans) qed with symmS symmT show "Q ∼⟦⋅⟧<SRel,TRel> R" using indRelSTEQ_symm[of SRel TRel] unfolding sym_def by blast qed ultimately show "P ∼⟦⋅⟧<SRel,TRel> R" by (rule indRelSTEQ.trans) qed qed text ‹If the relations indRelRST, indRelLST, or indRelST contain a pair of target terms, then this pair is also related by the considered target term relation. Similarly a pair of source terms is related by the considered source term relation.› lemma (in encoding) indRelRST_to_SRel: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and SP SQ :: "'procS" assumes rel: "SourceTerm SP ℛ⟦⋅⟧R<SRel,TRel> SourceTerm SQ" shows "(SP, SQ) ∈ SRel" using rel by (simp add: indRelRST.simps) lemma (in encoding) indRelRST_to_TRel: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and TP TQ :: "'procT" assumes rel: "TargetTerm TP ℛ⟦⋅⟧R<SRel,TRel> TargetTerm TQ" shows "(TP, TQ) ∈ TRel" using rel by (simp add: indRelRST.simps) lemma (in encoding) indRelLST_to_SRel: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and SP SQ :: "'procS" assumes rel: "SourceTerm SP ℛ⟦⋅⟧L<SRel,TRel> SourceTerm SQ" shows "(SP, SQ) ∈ SRel" using rel by (simp add: indRelLST.simps) lemma (in encoding) indRelLST_to_TRel: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and TP TQ :: "'procT" assumes rel: "TargetTerm TP ℛ⟦⋅⟧L<SRel,TRel> TargetTerm TQ" shows "(TP, TQ) ∈ TRel" using rel by (simp add: indRelLST.simps) lemma (in encoding) indRelST_to_SRel: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and SP SQ :: "'procS" assumes rel: "SourceTerm SP ℛ⟦⋅⟧<SRel,TRel> SourceTerm SQ" shows "(SP, SQ) ∈ SRel" using rel by (simp add: 
indRelST.simps) lemma (in encoding) indRelST_to_TRel: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and TP TQ :: "'procT" assumes rel: "TargetTerm TP ℛ⟦⋅⟧<SRel,TRel> TargetTerm TQ" shows "(TP, TQ) ∈ TRel" using rel by (simp add: indRelST.simps) text ‹If the relations indRelRSTPO or indRelLSTPO contain a pair of target terms, then this pair is also related by the transitive closure of the considered target term relation. Similarly a pair of source terms is related by the transitive closure of the source term relation. A pair of a source and a target term results from the combination of pairs in the source relation, the target relation, and the encoding function. Note that, because of the symmetry, no similar condition holds for indRelSTEQ.› lemma (in encoding) indRelRSTPO_to_SRel_and_TRel: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and P Q :: "('procS, 'procT) Proc" assumes "P ≲⟦⋅⟧R<SRel,TRel> Q" shows "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ (SP, SQ) ∈ SRel⇧+" and "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ (∃S. (SP, S) ∈ SRel⇧* ∧ (⟦S⟧, TQ) ∈ TRel⇧*)" and "∀TP SQ. TP ∈T P ∧ SQ ∈S Q ⟶ False" and "∀TP TQ. TP ∈T P ∧ TQ ∈T Q ⟶ (TP, TQ) ∈ TRel⇧+" using assms proof induct case (encR S) show "∀SP SQ. SP ∈S SourceTerm S ∧ SQ ∈S TargetTerm (⟦S⟧) ⟶ (SP, SQ) ∈ SRel⇧+" and "∀TP SQ. TP ∈T SourceTerm S ∧ SQ ∈S TargetTerm (⟦S⟧) ⟶ False" and "∀TP TQ. TP ∈T SourceTerm S ∧ TQ ∈T TargetTerm (⟦S⟧) ⟶ (TP, TQ) ∈ TRel⇧+" by simp+ have "(S, S) ∈ SRel⇧*" by simp moreover have "(⟦S⟧, ⟦S⟧) ∈ TRel⇧*" by simp ultimately show "∀SP TQ. SP ∈S SourceTerm S ∧ TQ ∈T TargetTerm (⟦S⟧) ⟶ (∃S. (SP, S) ∈ SRel⇧* ∧ (⟦S⟧, TQ) ∈ TRel⇧*)" by blast next case (source S1 S2) assume "(S1, S2) ∈ SRel" thus "∀SP SQ. SP ∈S SourceTerm S1 ∧ SQ ∈S SourceTerm S2 ⟶ (SP, SQ) ∈ SRel⇧+" by simp show "∀SP TQ. SP ∈S SourceTerm S1 ∧ TQ ∈T SourceTerm S2 ⟶ (∃S. (SP, S) ∈ SRel⇧* ∧ (⟦S⟧, TQ) ∈ TRel⇧*)" and "∀TP SQ. TP ∈T SourceTerm S1 ∧ SQ ∈S SourceTerm S2 ⟶ False" and "∀TP TQ. 
TP ∈T SourceTerm S1 ∧ TQ ∈T SourceTerm S2 ⟶ (TP, TQ) ∈ TRel⇧+" by simp+ next case (target T1 T2) show "∀SP SQ. SP ∈S TargetTerm T1 ∧ SQ ∈S TargetTerm T2 ⟶ (SP, SQ) ∈ SRel⇧+" and "∀SP TQ. SP ∈S TargetTerm T1 ∧ TQ ∈T TargetTerm T2 ⟶ (∃S. (SP, S) ∈ SRel⇧* ∧ (⟦S⟧, TQ) ∈ TRel⇧*)" and "∀TP SQ. TP ∈T TargetTerm T1 ∧ SQ ∈S TargetTerm T2 ⟶ False" by simp+ assume "(T1, T2) ∈ TRel" thus "∀TP TQ. TP ∈T TargetTerm T1 ∧ TQ ∈T TargetTerm T2 ⟶ (TP, TQ) ∈ TRel⇧+" by simp next case (trans P Q R) assume A1: "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ (SP, SQ) ∈ SRel⇧+" and A2: "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ (∃S. (SP, S) ∈ SRel⇧* ∧ (⟦S⟧, TQ) ∈ TRel⇧*)" and A3: "∀TP SQ. TP ∈T P ∧ SQ ∈S Q ⟶ False" and A4: "∀TP TQ. TP ∈T P ∧ TQ ∈T Q ⟶ (TP, TQ) ∈ TRel⇧+" and A5: "∀SQ SR. SQ ∈S Q ∧ SR ∈S R ⟶ (SQ, SR) ∈ SRel⇧+" and A6: "∀SQ TR. SQ ∈S Q ∧ TR ∈T R ⟶ (∃S. (SQ, S) ∈ SRel⇧* ∧ (⟦S⟧, TR) ∈ TRel⇧*)" and A7: "∀TQ SR. TQ ∈T Q ∧ SR ∈S R ⟶ False" and A8: "∀TQ TR. TQ ∈T Q ∧ TR ∈T R ⟶ (TQ, TR) ∈ TRel⇧+" show "∀SP SR. SP ∈S P ∧ SR ∈S R ⟶ (SP, SR) ∈ SRel⇧+" proof clarify fix SP SR assume A9: "SP ∈S P" and A10: "SR ∈S R" show "(SP, SR) ∈ SRel⇧+" proof (cases Q) case (SourceTerm SQ) assume A11: "SQ ∈S Q" with A1 A9 have "(SP, SQ) ∈ SRel⇧+" by simp moreover from A5 A10 A11 have "(SQ, SR) ∈ SRel⇧+" by simp ultimately show "(SP, SR) ∈ SRel⇧+" by simp next case (TargetTerm TQ) assume "TQ ∈T Q" with A7 A10 show "(SP, SR) ∈ SRel⇧+" by blast qed qed show "∀SP TR. SP ∈S P ∧ TR ∈T R ⟶ (∃S. (SP, S) ∈ SRel⇧* ∧ (⟦S⟧, TR) ∈ TRel⇧*)" proof clarify fix SP TR assume A9: "SP ∈S P" and A10: "TR ∈T R" show "∃S. (SP, S) ∈ SRel⇧* ∧ (⟦S⟧, TR) ∈ TRel⇧*" proof (cases Q) case (SourceTerm SQ) assume A11: "SQ ∈S Q" with A6 A10 obtain S where A12: "(SQ, S) ∈ SRel⇧*" and A13: "(⟦S⟧, TR) ∈ TRel⇧*" by blast from A1 A9 A11 have "(SP, SQ) ∈ SRel⇧*" by simp from this A12 have "(SP, S) ∈ SRel⇧*" by simp with A13 show "∃S. 
(SP, S) ∈ SRel⇧* ∧ (⟦S⟧, TR) ∈ TRel⇧*" by blast next case (TargetTerm TQ) assume A11: "TQ ∈T Q" with A2 A9 obtain S where A12: "(SP, S) ∈ SRel⇧*" and A13: "(⟦S⟧, TQ) ∈ TRel⇧*" by blast from A8 A10 A11 have "(TQ, TR) ∈ TRel⇧*" by simp with A13 have "(⟦S⟧, TR) ∈ TRel⇧*" by simp with A12 show "∃S. (SP, S) ∈ SRel⇧* ∧ (⟦S⟧, TR) ∈ TRel⇧*" by blast qed qed show "∀TP SR. TP ∈T P ∧ SR ∈S R ⟶ False" proof clarify fix TP SR assume A9: "TP ∈T P" and A10: "SR ∈S R" show "False" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A3 A9 show "False" by blast next case (TargetTerm TQ) assume "TQ ∈T Q" with A7 A10 show "False" by blast qed qed show "∀TP TR. TP ∈T P ∧ TR ∈T R ⟶ (TP, TR) ∈ TRel⇧+" proof clarify fix TP TR assume A9: "TP ∈T P" and A10: "TR ∈T R" show "(TP, TR) ∈ TRel⇧+" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A3 A9 show "(TP, TR) ∈ TRel⇧+" by blast next case (TargetTerm TQ) assume A11: "TQ ∈T Q" with A4 A9 have "(TP, TQ) ∈ TRel⇧+" by simp moreover from A8 A10 A11 have "(TQ, TR) ∈ TRel⇧+" by simp ultimately show "(TP, TR) ∈ TRel⇧+" by simp qed qed qed lemma (in encoding) indRelLSTPO_to_SRel_and_TRel: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and P Q :: "('procS, 'procT) Proc" assumes "P ≲⟦⋅⟧L<SRel,TRel> Q" shows "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ (SP, SQ) ∈ SRel⇧+" and "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ False" and "∀TP SQ. TP ∈T P ∧ SQ ∈S Q ⟶ (∃S. (TP, ⟦S⟧) ∈ TRel⇧* ∧ (S, SQ) ∈ SRel⇧*)" and "∀TP TQ. TP ∈T P ∧ TQ ∈T Q ⟶ (TP, TQ) ∈ TRel⇧+" using assms proof induct case (encL S) show "∀SP SQ. SP ∈S TargetTerm (⟦S⟧) ∧ SQ ∈S SourceTerm S ⟶ (SP, SQ) ∈ SRel⇧+" and "∀SP TQ. SP ∈S TargetTerm (⟦S⟧) ∧ TQ ∈T SourceTerm S ⟶ False" and "∀TP TQ. TP ∈T TargetTerm (⟦S⟧) ∧ TQ ∈T SourceTerm S ⟶ (TP, TQ) ∈ TRel⇧+" by simp+ have "(⟦S⟧, ⟦S⟧) ∈ TRel⇧*" by simp moreover have "(S, S) ∈ SRel⇧*" by simp ultimately show "∀TP SQ. TP ∈T TargetTerm (⟦S⟧) ∧ SQ ∈S SourceTerm S ⟶ (∃S. 
(TP, ⟦S⟧) ∈ TRel⇧* ∧ (S, SQ) ∈ SRel⇧*)" by blast next case (source S1 S2) assume "(S1, S2) ∈ SRel" thus "∀SP SQ. SP ∈S SourceTerm S1 ∧ SQ ∈S SourceTerm S2 ⟶ (SP, SQ) ∈ SRel⇧+" by simp show "∀SP TQ. SP ∈S SourceTerm S1 ∧ TQ ∈T SourceTerm S2 ⟶ False" and "∀TP SQ. TP ∈T SourceTerm S1 ∧ SQ ∈S SourceTerm S2 ⟶ (∃S. (TP, ⟦S⟧) ∈ TRel⇧* ∧ (S, SQ) ∈ SRel⇧*)" and "∀TP TQ. TP ∈T SourceTerm S1 ∧ TQ ∈T SourceTerm S2 ⟶ (TP, TQ) ∈ TRel⇧+" by simp+ next case (target T1 T2) show "∀SP SQ. SP ∈S TargetTerm T1 ∧ SQ ∈S TargetTerm T2 ⟶ (SP, SQ) ∈ SRel⇧+" and "∀SP TQ. SP ∈S TargetTerm T1 ∧ TQ ∈T TargetTerm T2 ⟶ False" and "∀TP SQ. TP ∈T TargetTerm T1 ∧ SQ ∈S TargetTerm T2 ⟶ (∃S. (TP, ⟦S⟧) ∈ TRel⇧* ∧ (S, SQ) ∈ SRel⇧*)" by simp+ assume "(T1, T2) ∈ TRel" thus "∀TP TQ. TP ∈T TargetTerm T1 ∧ TQ ∈T TargetTerm T2 ⟶ (TP, TQ) ∈ TRel⇧+" by simp next case (trans P Q R) assume A1: "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ (SP, SQ) ∈ SRel⇧+" and A2: "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ False" and A3: "∀TP SQ. TP ∈T P ∧ SQ ∈S Q ⟶ (∃S. (TP, ⟦S⟧) ∈ TRel⇧* ∧ (S, SQ) ∈ SRel⇧*)" and A4: "∀TP TQ. TP ∈T P ∧ TQ ∈T Q ⟶ (TP, TQ) ∈ TRel⇧+" and A5: "∀SQ SR. SQ ∈S Q ∧ SR ∈S R ⟶ (SQ, SR) ∈ SRel⇧+" and A6: "∀SQ TR. SQ ∈S Q ∧ TR ∈T R ⟶ False" and A7: "∀TQ SR. TQ ∈T Q ∧ SR ∈S R ⟶ (∃S. (TQ, ⟦S⟧) ∈ TRel⇧* ∧ (S, SR) ∈ SRel⇧*)" and A8: "∀TQ TR. TQ ∈T Q ∧ TR ∈T R ⟶ (TQ, TR) ∈ TRel⇧+" show "∀SP SR. SP ∈S P ∧ SR ∈S R ⟶ (SP, SR) ∈ SRel⇧+" proof clarify fix SP SR assume A9: "SP ∈S P" and A10: "SR ∈S R" show "(SP, SR) ∈ SRel⇧+" proof (cases Q) case (SourceTerm SQ) assume A11: "SQ ∈S Q" with A1 A9 have "(SP, SQ) ∈ SRel⇧+" by simp moreover from A5 A10 A11 have "(SQ, SR) ∈ SRel⇧+" by simp ultimately show "(SP, SR) ∈ SRel⇧+" by simp next case (TargetTerm TQ) assume "TQ ∈T Q" with A2 A9 show "(SP, SR) ∈ SRel⇧+" by blast qed qed show "∀SP TR. 
SP ∈S P ∧ TR ∈T R ⟶ False" proof clarify fix SP TR assume A9: "SP ∈S P" and A10: "TR ∈T R" show "False" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A6 A10 show "False" by blast next case (TargetTerm TQ) assume "TQ ∈T Q" with A2 A9 show "False" by blast qed qed show "∀TP SR. TP ∈T P ∧ SR ∈S R ⟶ (∃S. (TP, ⟦S⟧) ∈ TRel⇧* ∧ (S, SR) ∈ SRel⇧*)" proof clarify fix TP SR assume A9: "TP ∈T P" and A10: "SR ∈S R" show "∃S. (TP, ⟦S⟧) ∈ TRel⇧* ∧ (S, SR) ∈ SRel⇧*" proof (cases Q) case (SourceTerm SQ) assume A11: "SQ ∈S Q" with A3 A9 obtain S where A12: "(TP, ⟦S⟧) ∈ TRel⇧*" and A13: "(S, SQ) ∈ SRel⇧*" by blast from A5 A10 A11 have "(SQ, SR) ∈ SRel⇧*" by simp with A13 have "(S, SR) ∈ SRel⇧*" by simp with A12 show "∃S. (TP, ⟦S⟧) ∈ TRel⇧* ∧ (S, SR) ∈ SRel⇧*" by blast next case (TargetTerm TQ) assume A11: "TQ ∈T Q" with A7 A10 obtain S where A12: "(TQ, ⟦S⟧) ∈ TRel⇧*" and A13: "(S, SR) ∈ SRel⇧*" by blast from A4 A9 A11 have "(TP, TQ) ∈ TRel⇧*" by simp from this A12 have "(TP, ⟦S⟧) ∈ TRel⇧*" by simp with A13 show "∃S. (TP, ⟦S⟧) ∈ TRel⇧* ∧ (S, SR) ∈ SRel⇧*" by blast qed qed show "∀TP TR. TP ∈T P ∧ TR ∈T R ⟶ (TP, TR) ∈ TRel⇧+" proof clarify fix TP TR assume A9: "TP ∈T P" and A10: "TR ∈T R" show "(TP, TR) ∈ TRel⇧+" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A6 A10 show "(TP, TR) ∈ TRel⇧+" by blast next case (TargetTerm TQ) assume A11: "TQ ∈T Q" with A4 A9 have "(TP, TQ) ∈ TRel⇧+" by simp moreover from A8 A10 A11 have "(TQ, TR) ∈ TRel⇧+" by simp ultimately show "(TP, TR) ∈ TRel⇧+" by simp qed qed qed text ‹If indRelRSTPO, indRelLSTPO, or indRelSTEQ preserves barbs, then so do the corresponding source term and target term relations.› lemma (in encoding_wrt_barbs) rel_with_source_impl_SRel_preserves_barbs: fixes SRel :: "('procS × 'procS) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes preservation: "rel_preserves_barbs Rel (STCalWB SWB TWB)" and sourceInRel: "∀S1 S2. 
(S1, S2) ∈ SRel ⟶ (SourceTerm S1, SourceTerm S2) ∈ Rel" shows "rel_preserves_barbs SRel SWB" proof clarify fix SP SQ a assume "(SP, SQ) ∈ SRel" with sourceInRel have "(SourceTerm SP, SourceTerm SQ) ∈ Rel" by blast moreover assume "SP↓<SWB>a" hence "SourceTerm SP↓.a" by simp ultimately have "SourceTerm SQ↓.a" using preservation preservation_of_barbs_in_barbed_encoding[where Rel="Rel"] by blast thus "SQ↓<SWB>a" by simp qed lemma (in encoding_wrt_barbs) indRelRSTPO_impl_SRel_and_TRel_preserve_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes preservation: "rel_preserves_barbs (indRelRSTPO SRel TRel) (STCalWB SWB TWB)" shows "rel_preserves_barbs SRel SWB" and "rel_preserves_barbs TRel TWB" proof - show "rel_preserves_barbs SRel SWB" using preservation rel_with_source_impl_SRel_preserves_barbs[where Rel="indRelRSTPO SRel TRel" and SRel="SRel"] by (simp add: indRelRSTPO.source) next show "rel_preserves_barbs TRel TWB" using preservation rel_with_target_impl_TRel_preserves_barbs[where Rel="indRelRSTPO SRel TRel" and TRel="TRel"] by (simp add: indRelRSTPO.target) qed lemma (in encoding_wrt_barbs) indRelLSTPO_impl_SRel_and_TRel_preserve_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes preservation: "rel_preserves_barbs (indRelLSTPO SRel TRel) (STCalWB SWB TWB)" shows "rel_preserves_barbs SRel SWB" and "rel_preserves_barbs TRel TWB" proof - show "rel_preserves_barbs SRel SWB" using preservation rel_with_source_impl_SRel_preserves_barbs[where Rel="indRelLSTPO SRel TRel" and SRel="SRel"] by (simp add: indRelLSTPO.source) next show "rel_preserves_barbs TRel TWB" using preservation rel_with_target_impl_TRel_preserves_barbs[where Rel="indRelLSTPO SRel TRel" and TRel="TRel"] by (simp add: indRelLSTPO.target) qed lemma (in encoding_wrt_barbs) indRelSTEQ_impl_SRel_and_TRel_preserve_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes preservation: "rel_preserves_barbs 
(indRelSTEQ SRel TRel) (STCalWB SWB TWB)" shows "rel_preserves_barbs SRel SWB" and "rel_preserves_barbs TRel TWB" proof - show "rel_preserves_barbs SRel SWB" using preservation rel_with_source_impl_SRel_preserves_barbs[where Rel="indRelSTEQ SRel TRel" and SRel="SRel"] by (simp add: indRelSTEQ.source) next show "rel_preserves_barbs TRel TWB" using preservation rel_with_target_impl_TRel_preserves_barbs[where Rel="indRelSTEQ SRel TRel" and TRel="TRel"] by (simp add: indRelSTEQ.target) qed lemma (in encoding_wrt_barbs) rel_with_source_impl_SRel_weakly_preserves_barbs: fixes SRel :: "('procS × 'procS) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes preservation: "rel_weakly_preserves_barbs Rel (STCalWB SWB TWB)" and sourceInRel: "∀S1 S2. (S1, S2) ∈ SRel ⟶ (SourceTerm S1, SourceTerm S2) ∈ Rel" shows "rel_weakly_preserves_barbs SRel SWB" proof clarify fix SP SQ a SP' assume "(SP, SQ) ∈ SRel" with sourceInRel have "(SourceTerm SP, SourceTerm SQ) ∈ Rel" by blast moreover assume "SP ⟼(Calculus SWB)* SP'" and "SP'↓<SWB>a" hence "SourceTerm SP⇓.a" by blast ultimately have "SourceTerm SQ⇓.a" using preservation weak_preservation_of_barbs_in_barbed_encoding[where Rel="Rel"] by blast thus "SQ⇓<SWB>a" by simp qed lemma (in encoding_wrt_barbs) indRelRSTPO_impl_SRel_and_TRel_weakly_preserve_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes preservation: "rel_weakly_preserves_barbs (indRelRSTPO SRel TRel) (STCalWB SWB TWB)" shows "rel_weakly_preserves_barbs SRel SWB" and "rel_weakly_preserves_barbs TRel TWB" proof - show "rel_weakly_preserves_barbs SRel SWB" using preservation rel_with_source_impl_SRel_weakly_preserves_barbs[where Rel="indRelRSTPO SRel TRel" and SRel="SRel"] by (simp add: indRelRSTPO.source) next show "rel_weakly_preserves_barbs TRel TWB" using preservation rel_with_target_impl_TRel_weakly_preserves_barbs[where Rel="indRelRSTPO SRel TRel" and TRel="TRel"] by (simp add: indRelRSTPO.target) qed lemma 
(in encoding_wrt_barbs) indRelLSTPO_impl_SRel_and_TRel_weakly_preserve_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes preservation: "rel_weakly_preserves_barbs (indRelLSTPO SRel TRel) (STCalWB SWB TWB)" shows "rel_weakly_preserves_barbs SRel SWB" and "rel_weakly_preserves_barbs TRel TWB" proof - show "rel_weakly_preserves_barbs SRel SWB" using preservation rel_with_source_impl_SRel_weakly_preserves_barbs[where Rel="indRelLSTPO SRel TRel" and SRel="SRel"] by (simp add: indRelLSTPO.source) next show "rel_weakly_preserves_barbs TRel TWB" using preservation rel_with_target_impl_TRel_weakly_preserves_barbs[where Rel="indRelLSTPO SRel TRel" and TRel="TRel"] by (simp add: indRelLSTPO.target) qed lemma (in encoding_wrt_barbs) indRelSTEQ_impl_SRel_and_TRel_weakly_preserve_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes preservation: "rel_weakly_preserves_barbs (indRelSTEQ SRel TRel) (STCalWB SWB TWB)" shows "rel_weakly_preserves_barbs SRel SWB" and "rel_weakly_preserves_barbs TRel TWB" proof - show "rel_weakly_preserves_barbs SRel SWB" using preservation rel_with_source_impl_SRel_weakly_preserves_barbs[where Rel="indRelSTEQ SRel TRel" and SRel="SRel"] by (simp add: indRelSTEQ.source) next show "rel_weakly_preserves_barbs TRel TWB" using preservation rel_with_target_impl_TRel_weakly_preserves_barbs[where Rel="indRelSTEQ SRel TRel" and TRel="TRel"] by (simp add: indRelSTEQ.target) qed text ‹If indRelRSTPO, indRelLSTPO, or indRelSTEQ reflects barbs, then so do the corresponding source term and target term relations.› lemma (in encoding_wrt_barbs) rel_with_source_impl_SRel_reflects_barbs: fixes SRel :: "('procS × 'procS) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes reflection: "rel_reflects_barbs Rel (STCalWB SWB TWB)" and sourceInRel: "∀S1 S2. 
(S1, S2) ∈ SRel ⟶ (SourceTerm S1, SourceTerm S2) ∈ Rel" shows "rel_reflects_barbs SRel SWB" proof clarify fix SP SQ a assume "(SP, SQ) ∈ SRel" with sourceInRel have "(SourceTerm SP, SourceTerm SQ) ∈ Rel" by blast moreover assume "SQ↓<SWB>a" hence "SourceTerm SQ↓.a" by simp ultimately have "SourceTerm SP↓.a" using reflection reflection_of_barbs_in_barbed_encoding[where Rel="Rel"] by blast thus "SP↓<SWB>a" by simp qed lemma (in encoding_wrt_barbs) indRelRSTPO_impl_SRel_and_TRel_reflect_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes reflection: "rel_reflects_barbs (indRelRSTPO SRel TRel) (STCalWB SWB TWB)" shows "rel_reflects_barbs SRel SWB" and "rel_reflects_barbs TRel TWB" proof - show "rel_reflects_barbs SRel SWB" using reflection rel_with_source_impl_SRel_reflects_barbs[where Rel="indRelRSTPO SRel TRel" and SRel="SRel"] by (simp add: indRelRSTPO.source) next show "rel_reflects_barbs TRel TWB" using reflection rel_with_target_impl_TRel_reflects_barbs[where Rel="indRelRSTPO SRel TRel" and TRel="TRel"] by (simp add: indRelRSTPO.target) qed lemma (in encoding_wrt_barbs) indRelLSTPO_impl_SRel_and_TRel_reflect_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes reflection: "rel_reflects_barbs (indRelLSTPO SRel TRel) (STCalWB SWB TWB)" shows "rel_reflects_barbs SRel SWB" and "rel_reflects_barbs TRel TWB" proof - show "rel_reflects_barbs SRel SWB" using reflection rel_with_source_impl_SRel_reflects_barbs[where Rel="indRelLSTPO SRel TRel" and SRel="SRel"] by (simp add: indRelLSTPO.source) next show "rel_reflects_barbs TRel TWB" using reflection rel_with_target_impl_TRel_reflects_barbs[where Rel="indRelLSTPO SRel TRel" and TRel="TRel"] by (simp add: indRelLSTPO.target) qed lemma (in encoding_wrt_barbs) indRelSTEQ_impl_SRel_and_TRel_reflect_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes reflection: "rel_reflects_barbs (indRelSTEQ SRel TRel) (STCalWB SWB 
TWB)" shows "rel_reflects_barbs SRel SWB" and "rel_reflects_barbs TRel TWB" proof - show "rel_reflects_barbs SRel SWB" using reflection rel_with_source_impl_SRel_reflects_barbs[where Rel="indRelSTEQ SRel TRel" and SRel="SRel"] by (simp add: indRelSTEQ.source) next show "rel_reflects_barbs TRel TWB" using reflection rel_with_target_impl_TRel_reflects_barbs[where Rel="indRelSTEQ SRel TRel" and TRel="TRel"] by (simp add: indRelSTEQ.target) qed lemma (in encoding_wrt_barbs) rel_with_source_impl_SRel_weakly_reflects_barbs: fixes SRel :: "('procS × 'procS) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes reflection: "rel_weakly_reflects_barbs Rel (STCalWB SWB TWB)" and sourceInRel: "∀S1 S2. (S1, S2) ∈ SRel ⟶ (SourceTerm S1, SourceTerm S2) ∈ Rel" shows "rel_weakly_reflects_barbs SRel SWB" proof clarify fix SP SQ a SQ' assume "(SP, SQ) ∈ SRel" with sourceInRel have "(SourceTerm SP, SourceTerm SQ) ∈ Rel" by blast moreover assume "SQ ⟼(Calculus SWB)* SQ'" and "SQ'↓<SWB>a" hence "SourceTerm SQ⇓.a" by blast ultimately have "SourceTerm SP⇓.a" using reflection weak_reflection_of_barbs_in_barbed_encoding[where Rel="Rel"] by blast thus "SP⇓<SWB>a" by simp qed lemma (in encoding_wrt_barbs) indRelRSTPO_impl_SRel_and_TRel_weakly_reflect_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes reflection: "rel_weakly_reflects_barbs (indRelRSTPO SRel TRel) (STCalWB SWB TWB)" shows "rel_weakly_reflects_barbs SRel SWB" and "rel_weakly_reflects_barbs TRel TWB" proof - show "rel_weakly_reflects_barbs SRel SWB" using reflection rel_with_source_impl_SRel_weakly_reflects_barbs[where Rel="indRelRSTPO SRel TRel" and SRel="SRel"] by (simp add: indRelRSTPO.source) next show "rel_weakly_reflects_barbs TRel TWB" using reflection rel_with_target_impl_TRel_weakly_reflects_barbs[where Rel="indRelRSTPO SRel TRel" and TRel="TRel"] by (simp add: indRelRSTPO.target) qed lemma (in encoding_wrt_barbs) 
indRelLSTPO_impl_SRel_and_TRel_weakly_reflect_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes reflection: "rel_weakly_reflects_barbs (indRelLSTPO SRel TRel) (STCalWB SWB TWB)" shows "rel_weakly_reflects_barbs SRel SWB" and "rel_weakly_reflects_barbs TRel TWB" proof - show "rel_weakly_reflects_barbs SRel SWB" using reflection rel_with_source_impl_SRel_weakly_reflects_barbs[where Rel="indRelLSTPO SRel TRel" and SRel="SRel"] by (simp add: indRelLSTPO.source) next show "rel_weakly_reflects_barbs TRel TWB" using reflection rel_with_target_impl_TRel_weakly_reflects_barbs[where Rel="indRelLSTPO SRel TRel" and TRel="TRel"] by (simp add: indRelLSTPO.target) qed lemma (in encoding_wrt_barbs) indRelSTEQ_impl_SRel_and_TRel_weakly_reflect_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes reflection: "rel_weakly_reflects_barbs (indRelSTEQ SRel TRel) (STCalWB SWB TWB)" shows "rel_weakly_reflects_barbs SRel SWB" and "rel_weakly_reflects_barbs TRel TWB" proof - show "rel_weakly_reflects_barbs SRel SWB" using reflection rel_with_source_impl_SRel_weakly_reflects_barbs[where Rel="indRelSTEQ SRel TRel" and SRel="SRel"] by (simp add: indRelSTEQ.source) next show "rel_weakly_reflects_barbs TRel TWB" using reflection rel_with_target_impl_TRel_weakly_reflects_barbs[where Rel="indRelSTEQ SRel TRel" and TRel="TRel"] by (simp add: indRelSTEQ.target) qed text ‹If indRelRSTPO, indRelLSTPO, or indRelSTPO respects barbs then so do the corresponding source term and target term relations.› lemma (in encoding_wrt_barbs) indRelRSTPO_impl_SRel_and_TRel_respect_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes respection: "rel_respects_barbs (indRelRSTPO SRel TRel) (STCalWB SWB TWB)" shows "rel_respects_barbs SRel SWB" and "rel_respects_barbs TRel TWB" proof - show "rel_respects_barbs SRel SWB" using respection indRelRSTPO_impl_SRel_and_TRel_preserve_barbs(1)[where SRel="SRel" and 
TRel="TRel"] indRelRSTPO_impl_SRel_and_TRel_reflect_barbs(1)[where SRel="SRel" and TRel="TRel"] by blast next show "rel_respects_barbs TRel TWB" using respection indRelRSTPO_impl_SRel_and_TRel_preserve_barbs(2)[where SRel="SRel" and TRel="TRel"] indRelRSTPO_impl_SRel_and_TRel_reflect_barbs(2)[where SRel="SRel" and TRel="TRel"] by blast qed lemma (in encoding_wrt_barbs) indRelLSTPO_impl_SRel_and_TRel_respect_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes respection: "rel_respects_barbs (indRelLSTPO SRel TRel) (STCalWB SWB TWB)" shows "rel_respects_barbs SRel SWB" and "rel_respects_barbs TRel TWB" proof - show "rel_respects_barbs SRel SWB" using respection indRelLSTPO_impl_SRel_and_TRel_preserve_barbs(1)[where SRel="SRel" and TRel="TRel"] indRelLSTPO_impl_SRel_and_TRel_reflect_barbs(1)[where SRel="SRel" and TRel="TRel"] by blast next show "rel_respects_barbs TRel TWB" using respection indRelLSTPO_impl_SRel_and_TRel_preserve_barbs(2)[where SRel="SRel" and TRel="TRel"] indRelLSTPO_impl_SRel_and_TRel_reflect_barbs(2)[where SRel="SRel" and TRel="TRel"] by blast qed lemma (in encoding_wrt_barbs) indRelSTEQ_impl_SRel_and_TRel_respect_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes respection: "rel_respects_barbs (indRelSTEQ SRel TRel) (STCalWB SWB TWB)" shows "rel_respects_barbs SRel SWB" and "rel_respects_barbs TRel TWB" proof - show "rel_respects_barbs SRel SWB" using respection indRelSTEQ_impl_SRel_and_TRel_preserve_barbs(1)[where SRel="SRel" and TRel="TRel"] indRelSTEQ_impl_SRel_and_TRel_reflect_barbs(1)[where SRel="SRel" and TRel="TRel"] by blast next show "rel_respects_barbs TRel TWB" using respection indRelSTEQ_impl_SRel_and_TRel_preserve_barbs(2)[where SRel="SRel" and TRel="TRel"] indRelSTEQ_impl_SRel_and_TRel_reflect_barbs(2)[where SRel="SRel" and TRel="TRel"] by blast qed lemma (in encoding_wrt_barbs) indRelRSTPO_impl_SRel_and_TRel_weakly_respect_barbs: fixes SRel :: "('procS × 
'procS) set" and TRel :: "('procT × 'procT) set" assumes respection: "rel_weakly_respects_barbs (indRelRSTPO SRel TRel) (STCalWB SWB TWB)" shows "rel_weakly_respects_barbs SRel SWB" and "rel_weakly_respects_barbs TRel TWB" proof - show "rel_weakly_respects_barbs SRel SWB" using respection indRelRSTPO_impl_SRel_and_TRel_weakly_preserve_barbs(1)[where SRel="SRel" and TRel="TRel"] indRelRSTPO_impl_SRel_and_TRel_weakly_reflect_barbs(1)[where SRel="SRel" and TRel="TRel"] by blast next show "rel_weakly_respects_barbs TRel TWB" using respection indRelRSTPO_impl_SRel_and_TRel_weakly_preserve_barbs(2)[where SRel="SRel" and TRel="TRel"] indRelRSTPO_impl_SRel_and_TRel_weakly_reflect_barbs(2)[where SRel="SRel" and TRel="TRel"] by blast qed lemma (in encoding_wrt_barbs) indRelLSTPO_impl_SRel_and_TRel_weakly_respect_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes respection: "rel_weakly_respects_barbs (indRelLSTPO SRel TRel) (STCalWB SWB TWB)" shows "rel_weakly_respects_barbs SRel SWB" and "rel_weakly_respects_barbs TRel TWB" proof - show "rel_weakly_respects_barbs SRel SWB" using respection indRelLSTPO_impl_SRel_and_TRel_weakly_preserve_barbs(1)[where SRel="SRel" and TRel="TRel"] indRelLSTPO_impl_SRel_and_TRel_weakly_reflect_barbs(1)[where SRel="SRel" and TRel="TRel"] by blast next show "rel_weakly_respects_barbs TRel TWB" using respection indRelLSTPO_impl_SRel_and_TRel_weakly_preserve_barbs(2)[where SRel="SRel" and TRel="TRel"] indRelLSTPO_impl_SRel_and_TRel_weakly_reflect_barbs(2)[where SRel="SRel" and TRel="TRel"] by blast qed lemma (in encoding_wrt_barbs) indRelSTEQ_impl_SRel_and_TRel_weakly_respect_barbs: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes respection: "rel_weakly_respects_barbs (indRelSTEQ SRel TRel) (STCalWB SWB TWB)" shows "rel_weakly_respects_barbs SRel SWB" and "rel_weakly_respects_barbs TRel TWB" proof - show "rel_weakly_respects_barbs SRel SWB" using respection 
indRelSTEQ_impl_SRel_and_TRel_weakly_preserve_barbs(1)[where SRel="SRel" and TRel="TRel"] indRelSTEQ_impl_SRel_and_TRel_weakly_reflect_barbs(1)[where SRel="SRel" and TRel="TRel"] by blast next show "rel_weakly_respects_barbs TRel TWB" using respection indRelSTEQ_impl_SRel_and_TRel_weakly_preserve_barbs(2)[where SRel="SRel" and TRel="TRel"] indRelSTEQ_impl_SRel_and_TRel_weakly_reflect_barbs(2)[where SRel="SRel" and TRel="TRel"] by blast qed text ‹If TRel is reflexive then indRelRTPO is a subrelation of indRelTEQ. If SRel is reflexive then indRelRTPO is a subrelation of indRelRSTPO. Moreover, indRelRSTPO is a subrelation of indRelSTEQ.› lemma (in encoding) indRelRTPO_to_indRelTEQ: fixes TRel :: "('procT × 'procT) set" and P Q :: "('procS, 'procT) Proc" assumes rel: "P ≲⟦⋅⟧RT<TRel> Q" and reflT: "refl TRel" shows "P ∼⟦⋅⟧T<TRel> Q" using rel proof induct case (encR S) show "SourceTerm S ∼⟦⋅⟧T<TRel> TargetTerm (⟦S⟧)" by (rule indRelTEQ.encR) next case (source S) from reflT show "SourceTerm S ∼⟦⋅⟧T<TRel> SourceTerm S" using indRelTEQ_refl[of TRel] unfolding refl_on_def by simp next case (target T1 T2) assume "(T1, T2) ∈ TRel" thus "TargetTerm T1 ∼⟦⋅⟧T<TRel> TargetTerm T2" by (rule indRelTEQ.target) next case (trans TP TQ TR) assume "TP ∼⟦⋅⟧T<TRel> TQ" and "TQ ∼⟦⋅⟧T<TRel> TR" thus "TP ∼⟦⋅⟧T<TRel> TR" by (rule indRelTEQ.trans) qed lemma (in encoding) indRelRTPO_to_indRelRSTPO: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and P Q :: "('procS, 'procT) Proc" assumes rel: "P ≲⟦⋅⟧RT<TRel> Q" and reflS: "refl SRel" shows "P ≲⟦⋅⟧R<SRel,TRel> Q" using rel proof induct case (encR S) show "SourceTerm S ≲⟦⋅⟧R<SRel,TRel> TargetTerm (⟦S⟧)" by (rule indRelRSTPO.encR) next case (source S) from reflS show "SourceTerm S ≲⟦⋅⟧R<SRel,TRel> SourceTerm S" unfolding refl_on_def by (simp add: indRelRSTPO.source) next case (target T1 T2) assume "(T1, T2) ∈ TRel" thus "TargetTerm T1 ≲⟦⋅⟧R<SRel,TRel> TargetTerm T2" by (rule indRelRSTPO.target) next case (trans P Q R) 
assume "P ≲⟦⋅⟧R<SRel,TRel> Q" and "Q ≲⟦⋅⟧R<SRel,TRel> R" thus "P ≲⟦⋅⟧R<SRel,TRel> R" by (rule indRelRSTPO.trans) qed lemma (in encoding) indRelRSTPO_to_indRelSTEQ: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and P Q :: "('procS, 'procT) Proc" assumes rel: "P ≲⟦⋅⟧R<SRel,TRel> Q" shows "P ∼⟦⋅⟧<SRel,TRel> Q" using rel proof induct case (encR S) show "SourceTerm S ∼⟦⋅⟧<SRel,TRel> TargetTerm (⟦S⟧)" by (rule indRelSTEQ.encR) next case (source S1 S2) assume "(S1, S2) ∈ SRel" thus "SourceTerm S1 ∼⟦⋅⟧<SRel,TRel> SourceTerm S2" by (rule indRelSTEQ.source) next case (target T1 T2) assume "(T1, T2) ∈ TRel" thus "TargetTerm T1 ∼⟦⋅⟧<SRel,TRel> TargetTerm T2" by (rule indRelSTEQ.target) next case (trans P Q R) assume "P ∼⟦⋅⟧<SRel,TRel> Q" and "Q ∼⟦⋅⟧<SRel,TRel> R" thus "P ∼⟦⋅⟧<SRel,TRel> R" by (rule indRelSTEQ.trans) qed text ‹If indRelRTPO is a bisimulation and SRel is a reflexive bisimulation then also indRelRSTPO is a bisimulation.› lemma (in encoding) indRelRTPO_weak_reduction_bisimulation_impl_indRelRSTPO_bisimulation: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes bisimT: "weak_reduction_bisimulation (indRelRTPO TRel) (STCal Source Target)" and bisimS: "weak_reduction_bisimulation SRel Source" and reflS: "refl SRel" shows "weak_reduction_bisimulation (indRelRSTPO SRel TRel) (STCal Source Target)" proof auto fix P Q P' assume "P ≲⟦⋅⟧R<SRel,TRel> Q" and "P ⟼(STCal Source Target)* P'" thus "∃Q'. Q ⟼(STCal Source Target)* Q' ∧ P' ≲⟦⋅⟧R<SRel,TRel> Q'" proof (induct arbitrary: P') case (encR S) have "SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm (⟦S⟧)" by (rule indRelRTPO.encR) moreover assume "SourceTerm S ⟼(STCal Source Target)* P'" ultimately obtain Q' where A1: "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* Q'" and A2: "P' ≲⟦⋅⟧RT<TRel> Q'" using bisimT by blast from reflS A2 have "P' ≲⟦⋅⟧R<SRel,TRel> Q'" by (simp add: indRelRTPO_to_indRelRSTPO) with A1 show "∃Q'. 
TargetTerm (⟦S⟧) ⟼(STCal Source Target)* Q' ∧ P' ≲⟦⋅⟧R<SRel,TRel> Q'" by blast next case (source S1 S2) assume "SourceTerm S1 ⟼(STCal Source Target)* P'" from this obtain S1' where B1: "S1' ∈S P'" and B2: "S1 ⟼Source* S1'" by (auto simp add: STCal_steps(1)) assume "(S1, S2) ∈ SRel" with B2 bisimS obtain S2' where B3: "S2 ⟼Source* S2'" and B4: "(S1', S2') ∈ SRel" by blast from B3 have "SourceTerm S2 ⟼(STCal Source Target)* (SourceTerm S2')" by (simp add: STCal_steps(1)) moreover from B1 B4 have "P' ≲⟦⋅⟧R<SRel,TRel> SourceTerm S2'" by (simp add: indRelRSTPO.source) ultimately show "∃Q'. SourceTerm S2 ⟼(STCal Source Target)* Q' ∧ P' ≲⟦⋅⟧R<SRel,TRel> Q'" by blast next case (target T1 T2) assume "(T1, T2) ∈ TRel" hence "TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2" by (rule indRelRTPO.target) moreover assume "TargetTerm T1 ⟼(STCal Source Target)* P'" ultimately obtain Q' where C1: "TargetTerm T2 ⟼(STCal Source Target)* Q'" and C2: "P' ≲⟦⋅⟧RT<TRel> Q'" using bisimT by blast from reflS C2 have "P' ≲⟦⋅⟧R<SRel,TRel> Q'" by (simp add: indRelRTPO_to_indRelRSTPO) with C1 show "∃Q'. TargetTerm T2 ⟼(STCal Source Target)* Q' ∧ P' ≲⟦⋅⟧R<SRel,TRel> Q'" by blast next case (trans P Q R) assume "P ⟼(STCal Source Target)* P'" and "⋀P'. P ⟼(STCal Source Target)* P' ⟹ ∃Q'. Q ⟼(STCal Source Target)* Q' ∧ P' ≲⟦⋅⟧R<SRel,TRel> Q'" from this obtain Q' where D1: "Q ⟼(STCal Source Target)* Q'" and D2: "P' ≲⟦⋅⟧R<SRel,TRel> Q'" by blast assume "⋀Q'. Q ⟼(STCal Source Target)* Q' ⟹ ∃R'. R ⟼(STCal Source Target)* R' ∧ Q' ≲⟦⋅⟧R<SRel,TRel> R'" with D1 obtain R' where D3: "R ⟼(STCal Source Target)* R'" and D4: "Q' ≲⟦⋅⟧R<SRel,TRel> R'" by blast from D2 D4 have "P' ≲⟦⋅⟧R<SRel,TRel> R'" by (rule indRelRSTPO.trans) with D3 show "∃R'. R ⟼(STCal Source Target)* R' ∧ P' ≲⟦⋅⟧R<SRel,TRel> R'" by blast qed next fix P Q Q' assume "P ≲⟦⋅⟧R<SRel,TRel> Q" and "Q ⟼(STCal Source Target)* Q'" thus "∃P'. 
P ⟼(STCal Source Target)* P' ∧ P' ≲⟦⋅⟧R<SRel,TRel> Q'" proof (induct arbitrary: Q') case (encR S) have "SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm (⟦S⟧)" by (rule indRelRTPO.encR) moreover assume "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* Q'" ultimately obtain P' where E1: "SourceTerm S ⟼(STCal Source Target)* P'" and E2: "P' ≲⟦⋅⟧RT<TRel> Q'" using bisimT by blast from reflS E2 have "P' ≲⟦⋅⟧R<SRel,TRel> Q'" by (simp add: indRelRTPO_to_indRelRSTPO) with E1 show "∃P'. SourceTerm S ⟼(STCal Source Target)* P' ∧ P' ≲⟦⋅⟧R<SRel,TRel> Q'" by blast next case (source S1 S2) assume "SourceTerm S2 ⟼(STCal Source Target)* Q'" from this obtain S2' where F1: "S2' ∈S Q'" and F2: "S2 ⟼Source* S2'" by (auto simp add: STCal_steps(1)) assume "(S1, S2) ∈ SRel" with F2 bisimS obtain S1' where F3: "S1 ⟼Source* S1'" and F4: "(S1', S2') ∈ SRel" by blast from F3 have "SourceTerm S1 ⟼(STCal Source Target)* (SourceTerm S1')" by (simp add: STCal_steps(1)) moreover from F1 F4 have "SourceTerm S1' ≲⟦⋅⟧R<SRel,TRel> Q'" by (simp add: indRelRSTPO.source) ultimately show "∃P'. SourceTerm S1 ⟼(STCal Source Target)* P' ∧ P' ≲⟦⋅⟧R<SRel,TRel> Q'" by blast next case (target T1 T2) assume "(T1, T2) ∈ TRel" hence "TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2" by (rule indRelRTPO.target) moreover assume "TargetTerm T2 ⟼(STCal Source Target)* Q'" ultimately obtain P' where G1: "TargetTerm T1 ⟼(STCal Source Target)* P'" and G2: "P' ≲⟦⋅⟧RT<TRel> Q'" using bisimT by blast from reflS G2 have "P' ≲⟦⋅⟧R<SRel,TRel> Q'" by (simp add: indRelRTPO_to_indRelRSTPO) with G1 show "∃P'. TargetTerm T1 ⟼(STCal Source Target)* P' ∧ P' ≲⟦⋅⟧R<SRel,TRel> Q'" by blast next case (trans P Q R R') assume "R ⟼(STCal Source Target)* R'" and "⋀R'. R ⟼(STCal Source Target)* R' ⟹ ∃Q'. Q ⟼(STCal Source Target)* Q' ∧ Q' ≲⟦⋅⟧R<SRel,TRel> R'" from this obtain Q' where H1: "Q ⟼(STCal Source Target)* Q'" and H2: "Q' ≲⟦⋅⟧R<SRel,TRel> R'" by blast assume "⋀Q'. Q ⟼(STCal Source Target)* Q' ⟹ ∃P'. 
P ⟼(STCal Source Target)* P' ∧ P' ≲⟦⋅⟧R<SRel,TRel> Q'" with H1 obtain P' where H3: "P ⟼(STCal Source Target)* P'" and H4: "P' ≲⟦⋅⟧R<SRel,TRel> Q'" by blast from H4 H2 have "P' ≲⟦⋅⟧R<SRel,TRel> R'" by (rule indRelRSTPO.trans) with H3 show "∃P'. P ⟼(STCal Source Target)* P' ∧ P' ≲⟦⋅⟧R<SRel,TRel> R'" by blast qed qed end
Theory SuccessSensitiveness
theory SuccessSensitiveness
  imports SourceTargetRelation
begin

section ‹Success Sensitiveness and Barbs›

text ‹To compare the abstract behavior of two terms, often some notion of success or successful
      termination is used. Daniele Gorla assumes a constant process (similar to the empty process)
      that represents successful termination in order to compare the behavior of source terms with
      their literal translations. Then an encoding is success sensitive if, for all source terms S,
      S reaches success iff the translation of S reaches success. Successful termination can be
      considered as some special kind of barb. Accordingly we generalize successful termination to
      the respection of an arbitrary subset of barbs. An encoding (weakly) respects a set of barbs
      if, for every source term S and all considered barbs a, S reaches a iff the translation of S
      reaches a.›

(* Weak variants: stated on reachability of a barb (P⇓.a). Each property comes in two forms,
   one restricted to a given set Barbs and one over all barbs; the *_and_barb_set lemmas show
   that the unrestricted form equals the restricted form quantified over all sets. *)

abbreviation (in encoding_wrt_barbs) enc_weakly_preserves_barb_set :: "'barbs set ⇒ bool" where
  "enc_weakly_preserves_barb_set Barbs ≡ enc_preserves_binary_pred (λP a. a ∈ Barbs ∧ P⇓.a)"

abbreviation (in encoding_wrt_barbs) enc_weakly_preserves_barbs :: "bool" where
  "enc_weakly_preserves_barbs ≡ enc_preserves_binary_pred (λP a. P⇓.a)"

lemma (in encoding_wrt_barbs) enc_weakly_preserves_barbs_and_barb_set:
  shows "enc_weakly_preserves_barbs = (∀Barbs. enc_weakly_preserves_barb_set Barbs)"
    by blast

abbreviation (in encoding_wrt_barbs) enc_weakly_reflects_barb_set :: "'barbs set ⇒ bool" where
  "enc_weakly_reflects_barb_set Barbs ≡ enc_reflects_binary_pred (λP a. a ∈ Barbs ∧ P⇓.a)"

abbreviation (in encoding_wrt_barbs) enc_weakly_reflects_barbs :: "bool" where
  "enc_weakly_reflects_barbs ≡ enc_reflects_binary_pred (λP a. P⇓.a)"

lemma (in encoding_wrt_barbs) enc_weakly_reflects_barbs_and_barb_set:
  shows "enc_weakly_reflects_barbs = (∀Barbs. enc_weakly_reflects_barb_set Barbs)"
    by blast

(* Respection is the conjunction of preservation and reflection. *)

abbreviation (in encoding_wrt_barbs) enc_weakly_respects_barb_set :: "'barbs set ⇒ bool" where
  "enc_weakly_respects_barb_set Barbs ≡
   enc_weakly_preserves_barb_set Barbs ∧ enc_weakly_reflects_barb_set Barbs"

abbreviation (in encoding_wrt_barbs) enc_weakly_respects_barbs :: "bool" where
  "enc_weakly_respects_barbs ≡ enc_weakly_preserves_barbs ∧ enc_weakly_reflects_barbs"

lemma (in encoding_wrt_barbs) enc_weakly_respects_barbs_and_barb_set:
  shows "enc_weakly_respects_barbs = (∀Barbs. enc_weakly_respects_barb_set Barbs)"
proof -
  (* First unfold the set-restricted form, then distribute the quantifier over the conjunction. *)
  have "(∀Barbs. enc_weakly_respects_barb_set Barbs)
        = (∀Barbs. (∀S x. x ∈ Barbs ∧ S⇓<SWB>x ⟶ ⟦S⟧⇓<TWB>x)
          ∧ (∀S x. x ∈ Barbs ∧ ⟦S⟧⇓<TWB>x ⟶ S⇓<SWB>x))"
    by simp
  hence "(∀Barbs. enc_weakly_respects_barb_set Barbs)
         = ((∀Barbs. enc_weakly_preserves_barb_set Barbs)
           ∧ (∀Barbs. enc_weakly_reflects_barb_set Barbs))"
    apply simp by fast
  thus ?thesis
    apply simp by blast
qed

text ‹An encoding strongly respects some set of barbs if, for every source term S and all
      considered barbs a, S has a iff the translation of S has a.›

(* Strong variants: stated on immediate existence of a barb (P↓.a) instead of reachability. *)

abbreviation (in encoding_wrt_barbs) enc_preserves_barb_set :: "'barbs set ⇒ bool" where
  "enc_preserves_barb_set Barbs ≡ enc_preserves_binary_pred (λP a. a ∈ Barbs ∧ P↓.a)"

abbreviation (in encoding_wrt_barbs) enc_preserves_barbs :: "bool" where
  "enc_preserves_barbs ≡ enc_preserves_binary_pred (λP a. P↓.a)"

lemma (in encoding_wrt_barbs) enc_preserves_barbs_and_barb_set:
  shows "enc_preserves_barbs = (∀Barbs. enc_preserves_barb_set Barbs)"
    by blast

abbreviation (in encoding_wrt_barbs) enc_reflects_barb_set :: "'barbs set ⇒ bool" where
  "enc_reflects_barb_set Barbs ≡ enc_reflects_binary_pred (λP a. a ∈ Barbs ∧ P↓.a)"

abbreviation (in encoding_wrt_barbs) enc_reflects_barbs :: "bool" where
  "enc_reflects_barbs ≡ enc_reflects_binary_pred (λP a. P↓.a)"

lemma (in encoding_wrt_barbs) enc_reflects_barbs_and_barb_set:
  shows "enc_reflects_barbs = (∀Barbs. enc_reflects_barb_set Barbs)"
    by blast

abbreviation (in encoding_wrt_barbs) enc_respects_barb_set :: "'barbs set ⇒ bool" where
  "enc_respects_barb_set Barbs ≡ enc_preserves_barb_set Barbs ∧ enc_reflects_barb_set Barbs"

abbreviation (in encoding_wrt_barbs) enc_respects_barbs :: "bool" where
  "enc_respects_barbs ≡ enc_preserves_barbs ∧ enc_reflects_barbs"

lemma (in encoding_wrt_barbs) enc_respects_barbs_and_barb_set:
  shows "enc_respects_barbs = (∀Barbs. enc_respects_barb_set Barbs)"
proof -
  have "(∀Barbs. enc_respects_barb_set Barbs)
        = ((∀Barbs. enc_preserves_barb_set Barbs) ∧ (∀Barbs. enc_reflects_barb_set Barbs))"
    apply simp by fast
  thus ?thesis
    apply simp by blast
qed

text ‹An encoding (weakly) preserves barbs iff
      (1) there exists a relation, like indRelR, that relates source terms and their literal
          translations and preserves (reachability/)existence of barbs, or
      (2) there exists a relation, like indRelL, that relates literal translations and their
          source terms and reflects (reachability/)existence of barbs.›

(* The four lemmas below state characterisation (1) only: each relation contains the pairs
   (SourceTerm S, TargetTerm (⟦S⟧)). *)

(* NOTE(review): TRel is fixed here but does not occur in the statement. *)
lemma (in encoding_wrt_barbs) enc_weakly_preserves_barb_set_iff_source_target_rel:
  fixes Barbs :: "'barbs set"
    and TRel  :: "('procT × 'procT) set"
  shows "enc_weakly_preserves_barb_set Barbs
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_weakly_preserves_barb_set Rel (STCalWB SWB TWB) Barbs)"
    using enc_preserves_binary_pred_iff_source_target_rel_preserves_binary_pred[where
           Pred="λP a. a ∈ Barbs ∧ P⇓<STCalWB SWB TWB>a"] STCalWB_reachesBarbST
    by simp

lemma (in encoding_wrt_barbs) enc_weakly_preserves_barbs_iff_source_target_rel:
  shows "enc_weakly_preserves_barbs
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_weakly_preserves_barbs Rel (STCalWB SWB TWB))"
    using enc_preserves_binary_pred_iff_source_target_rel_preserves_binary_pred[where
           Pred="λP a. P⇓<STCalWB SWB TWB>a"] STCalWB_reachesBarbST
    by simp

lemma (in encoding_wrt_barbs) enc_preserves_barb_set_iff_source_target_rel:
  fixes Barbs :: "'barbs set"
  shows "enc_preserves_barb_set Barbs
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_preserves_barb_set Rel (STCalWB SWB TWB) Barbs)"
    using enc_preserves_binary_pred_iff_source_target_rel_preserves_binary_pred[where
           Pred="λP a. a ∈ Barbs ∧ P↓<STCalWB SWB TWB>a"] STCalWB_hasBarbST
    by simp

lemma (in encoding_wrt_barbs) enc_preserves_barbs_iff_source_target_rel:
  shows "enc_preserves_barbs
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_preserves_barbs Rel (STCalWB SWB TWB))"
    using enc_preserves_binary_pred_iff_source_target_rel_preserves_binary_pred[where
           Pred="λP a. P↓<STCalWB SWB TWB>a"] STCalWB_hasBarbST
    by simp

text ‹An encoding (weakly) reflects barbs iff
      (1) there exists a relation, like indRelR, that relates source terms and their literal
          translations and reflects (reachability/)existence of barbs, or
      (2) there exists a relation, like indRelL, that relates literal translations and their
          source terms and preserves (reachability/)existence of barbs.›

(* As above, the four lemmas below state characterisation (1) only. *)

lemma (in encoding_wrt_barbs) enc_weakly_reflects_barb_set_iff_source_target_rel:
  fixes Barbs :: "'barbs set"
  shows "enc_weakly_reflects_barb_set Barbs
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_weakly_reflects_barb_set Rel (STCalWB SWB TWB) Barbs)"
    using enc_reflects_binary_pred_iff_source_target_rel_reflects_binary_pred[where
           Pred="λP a. a ∈ Barbs ∧ P⇓<STCalWB SWB TWB>a"] STCalWB_reachesBarbST
    by simp

lemma (in encoding_wrt_barbs) enc_weakly_reflects_barbs_iff_source_target_rel:
  shows "enc_weakly_reflects_barbs
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_weakly_reflects_barbs Rel (STCalWB SWB TWB))"
    using enc_reflects_binary_pred_iff_source_target_rel_reflects_binary_pred[where
           Pred="λP a. P⇓<STCalWB SWB TWB>a"] STCalWB_reachesBarbST
    by simp

lemma (in encoding_wrt_barbs) enc_reflects_barb_set_iff_source_target_rel:
  fixes Barbs :: "'barbs set"
  shows "enc_reflects_barb_set Barbs
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_reflects_barb_set Rel (STCalWB SWB TWB) Barbs)"
    using enc_reflects_binary_pred_iff_source_target_rel_reflects_binary_pred[where
           Pred="λP a. a ∈ Barbs ∧ P↓<STCalWB SWB TWB>a"] STCalWB_hasBarbST
    by simp

lemma (in encoding_wrt_barbs) enc_reflects_barbs_iff_source_target_rel:
  shows "enc_reflects_barbs
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_reflects_barbs Rel (STCalWB SWB TWB))"
    using enc_reflects_binary_pred_iff_source_target_rel_reflects_binary_pred[where
           Pred="λP a. P↓<STCalWB SWB TWB>a"] STCalWB_hasBarbST
    by simp

text ‹An encoding (weakly) respects barbs iff
      (1) there exists a relation, like indRelR, that relates source terms and their literal
          translations and respects (reachability/)existence of barbs, or
      (2) there exists a relation, like indRelL, that relates literal translations and their
          source terms and respects (reachability/)existence of barbs, or
      (3) there exists a relation, like indRel, that relates source terms and their literal
          translations in both directions and respects (reachability/)existence of barbs.›

(* The four lemmas below state characterisation (1) only. *)

lemma (in encoding_wrt_barbs) enc_weakly_respects_barb_set_iff_source_target_rel:
  fixes Barbs :: "'barbs set"
  shows "enc_weakly_respects_barb_set Barbs
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) Barbs)"
    using enc_respects_binary_pred_iff_source_target_rel_respects_binary_pred_encR[where
           Pred="λP a. a ∈ Barbs ∧ P⇓<STCalWB SWB TWB>a"] STCalWB_reachesBarbST
    by simp

lemma (in encoding_wrt_barbs) enc_weakly_respects_barbs_iff_source_target_rel:
  shows "enc_weakly_respects_barbs
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_weakly_respects_barbs Rel (STCalWB SWB TWB))"
    using enc_respects_binary_pred_iff_source_target_rel_respects_binary_pred_encR[where
           Pred="λP a. P⇓<STCalWB SWB TWB>a"] STCalWB_reachesBarbST
    by simp

lemma (in encoding_wrt_barbs) enc_respects_barb_set_iff_source_target_rel:
  fixes Barbs :: "'barbs set"
  shows "enc_respects_barb_set Barbs
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_respects_barb_set Rel (STCalWB SWB TWB) Barbs)"
    using enc_respects_binary_pred_iff_source_target_rel_respects_binary_pred_encR[where
           Pred="λP a. a ∈ Barbs ∧ P↓<STCalWB SWB TWB>a"] STCalWB_hasBarbST
    by simp

lemma (in encoding_wrt_barbs) enc_respects_barbs_iff_source_target_rel:
  shows "enc_respects_barbs
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_respects_barbs Rel (STCalWB SWB TWB))"
    using enc_respects_binary_pred_iff_source_target_rel_respects_binary_pred_encR[where
           Pred="λP a. P↓<STCalWB SWB TWB>a"] STCalWB_hasBarbST
    by simp

text ‹Accordingly an encoding is success sensitive iff there exists such a relation between
      source and target terms that weakly respects the barb success.›

(* Success sensitiveness is the weak respection of the singleton barb set {success}. *)
lemma (in encoding_wrt_barbs) success_sensitive_cond:
  fixes success :: "'barbs"
  shows "enc_weakly_respects_barb_set {success} = (∀S. S⇓<SWB>success ⟷ ⟦S⟧⇓<TWB>success)"
    by auto

(* NOTE(review): the trailing + repeats the rule method; the next lemma applies the
   corresponding rule once. *)
lemma (in encoding_wrt_barbs) success_sensitive_iff_source_target_rel_weakly_respects_success:
  fixes success :: "'barbs"
  shows "enc_weakly_respects_barb_set {success}
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success})"
    by (rule enc_weakly_respects_barb_set_iff_source_target_rel[where Barbs="{success}"])+

(* Strong counterpart: instantiates the strong respection lemma with {success}. *)
lemma (in encoding_wrt_barbs) success_sensitive_iff_source_target_rel_respects_success:
  fixes success :: "'barbs"
  shows "enc_respects_barb_set {success}
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_respects_barb_set Rel (STCalWB SWB TWB) {success})"
    by (rule enc_respects_barb_set_iff_source_target_rel[where Barbs="{success}"])

end
Theory DivergenceReflection
theory DivergenceReflection
  imports SourceTargetRelation
begin

section ‹Divergence Reflection›

text ‹Divergence reflection forbids encodings that introduce loops of internal actions. Thus it
      determines the practicability of encodings, in particular with respect to implementations.
      An encoding reflects divergence if each loop in a target term results from the translation
      of a divergent source term.›

abbreviation (in encoding) enc_preserves_divergence :: "bool" where
  "enc_preserves_divergence ≡ enc_preserves_pred (λP. P ⟼STω)"

(* Preservation spelled out: a divergent source term has a divergent translation. *)
lemma (in encoding) divergence_preservation_cond:
  shows "enc_preserves_divergence = (∀S. S ⟼(Source)ω ⟶ ⟦S⟧ ⟼(Target)ω)"
    by simp

abbreviation (in encoding) enc_reflects_divergence :: "bool" where
  "enc_reflects_divergence ≡ enc_reflects_pred (λP. P ⟼STω)"

(* Reflection spelled out: a divergent translation stems from a divergent source term. *)
lemma (in encoding) divergence_reflection_cond:
  shows "enc_reflects_divergence = (∀S. ⟦S⟧ ⟼(Target)ω ⟶ S ⟼(Source)ω)"
    by simp

(* The same notions for an arbitrary relation Rel on the processes of a calculus Cal. *)

abbreviation rel_preserves_divergence
    :: "('proc × 'proc) set ⇒ 'proc processCalculus ⇒ bool" where
  "rel_preserves_divergence Rel Cal ≡ rel_preserves_pred Rel (λP. P ⟼(Cal)ω)"

abbreviation rel_reflects_divergence
    :: "('proc × 'proc) set ⇒ 'proc processCalculus ⇒ bool" where
  "rel_reflects_divergence Rel Cal ≡ rel_reflects_pred Rel (λP. P ⟼(Cal)ω)"

text ‹Apart from divergence reflection we consider divergence respection. An encoding respects
      divergence if each divergent source term is translated into a divergent target term and
      each divergent target term results from the translation of a divergent source term.›

abbreviation (in encoding) enc_respects_divergence :: "bool" where
  "enc_respects_divergence ≡ enc_respects_pred (λP. P ⟼STω)"

lemma (in encoding) divergence_respection_cond:
  shows "enc_respects_divergence = (∀S. ⟦S⟧ ⟼(Target)ω ⟷ S ⟼(Source)ω)"
    by auto

abbreviation rel_respects_divergence
    :: "('proc × 'proc) set ⇒ 'proc processCalculus ⇒ bool" where
  "rel_respects_divergence Rel Cal ≡ rel_respects_pred Rel (λP. P ⟼(Cal)ω)"

text ‹An encoding preserves divergence iff
      (1) there exists a relation that relates source terms and their literal translations and
          preserves divergence, or
      (2) there exists a relation that relates literal translations and their source terms and
          reflects divergence.›

lemma (in encoding) divergence_preservation_iff_source_target_rel_preserves_divergence:
  shows "enc_preserves_divergence
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_preserves_divergence Rel (STCal Source Target))"
    using enc_preserves_pred_iff_source_target_rel_preserves_pred(1)[where
           Pred="λP. P ⟼STω"] divergentST_STCal_divergent
    by simp

lemma (in encoding) divergence_preservation_iff_source_target_rel_reflects_divergence:
  shows "enc_preserves_divergence
         = (∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel)
            ∧ rel_reflects_divergence Rel (STCal Source Target))"
    using enc_preserves_pred_iff_source_target_rel_reflects_pred(1)[where
           Pred="λP. P ⟼STω"] divergentST_STCal_divergent
    by simp

text ‹An encoding reflects divergence iff
      (1) there exists a relation that relates source terms and their literal translations and
          reflects divergence, or
      (2) there exists a relation that relates literal translations and their source terms and
          preserves divergence.›

lemma (in encoding) divergence_reflection_iff_source_target_rel_reflects_divergence:
  shows "enc_reflects_divergence
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_reflects_divergence Rel (STCal Source Target))"
    using enc_reflects_pred_iff_source_target_rel_reflects_pred[where
           Pred="λP. P ⟼STω"] divergentST_STCal_divergent
    by simp

lemma (in encoding) divergence_reflection_iff_source_target_rel_preserves_divergence:
  shows "enc_reflects_divergence
         = (∃Rel. (∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel)
            ∧ rel_preserves_divergence Rel (STCal Source Target))"
    using enc_reflects_pred_iff_source_target_rel_preserves_pred[where
           Pred="λP. P ⟼STω"] divergentST_STCal_divergent
    by simp

text ‹An encoding respects divergence iff there exists a relation that relates source terms and
      their literal translations in both directions and respects divergence.›

(* Two statements: the first asks only for the pairs (SourceTerm S, TargetTerm (⟦S⟧)) in Rel,
   the second additionally for the converse pairs (TargetTerm (⟦S⟧), SourceTerm S). *)
lemma (in encoding) divergence_respection_iff_source_target_rel_respects_divergence:
  shows "enc_respects_divergence
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ rel_respects_divergence Rel (STCal Source Target))"
    and "enc_respects_divergence
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel
            ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel)
            ∧ rel_respects_divergence Rel (STCal Source Target))"
proof -
  show "enc_respects_divergence
        = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
           ∧ rel_respects_divergence Rel (STCal Source Target))"
    using enc_respects_pred_iff_source_target_rel_respects_pred_encR[where
           Pred="λP. P ⟼STω"] divergentST_STCal_divergent
    by simp
next
  show "enc_respects_divergence
        = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel
           ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel)
           ∧ rel_respects_divergence Rel (STCal Source Target))"
    using enc_respects_pred_iff_source_target_rel_respects_pred_encRL[where
           Pred="λP. P ⟼STω"] divergentST_STCal_divergent
    by simp
qed

end
Theory OperationalCorrespondence
theory OperationalCorrespondence imports SourceTargetRelation begin section ‹Operational Correspondence› text ‹We consider different variants of operational correspondence. This criterion consists of a completeness and a soundness condition and is often defined with respect to a relation TRel on target terms. Operational completeness modulo TRel ensures that an encoding preserves source term behaviour modulo TRel by requiring that each sequence of source term steps can be mimicked by its translation such that the respective derivatives are related by TRel.› abbreviation (in encoding) operational_complete :: "('procT × 'procT) set ⇒ bool" where "operational_complete TRel ≡ ∀S S'. S ⟼Source* S' ⟶ (∃T. ⟦S⟧ ⟼Target* T ∧ (⟦S'⟧, T) ∈ TRel)" text ‹We call an encoding strongly operational complete modulo TRel if each source term step has to be mimicked by a single target term step of its translation.› abbreviation (in encoding) strongly_operational_complete :: "('procT × 'procT) set ⇒ bool" where "strongly_operational_complete TRel ≡ ∀S S'. S ⟼Source S' ⟶ (∃T. ⟦S⟧ ⟼Target T ∧ (⟦S'⟧, T) ∈ TRel)" text ‹Operational soundness ensures that the encoding does not introduce new behaviour. An encoding is weakly operational sound modulo TRel if each sequence of target term steps is part of the translation of a sequence of source term steps such that the derivatives are related by TRel. It allows for intermediate states on the translation of a source term step that are not the result of translating a source term.› abbreviation (in encoding) weakly_operational_sound :: "('procT × 'procT) set ⇒ bool" where "weakly_operational_sound TRel ≡ ∀S T. ⟦S⟧ ⟼Target* T ⟶ (∃S' T'. S ⟼Source* S' ∧ T ⟼Target* T' ∧ (⟦S'⟧, T') ∈ TRel)" text ‹An encoding is operational sound modulo TRel if each sequence of target term steps is the translation of a sequence of source term steps such that the derivatives are related by TRel. 
This criterion does not allow for intermediate states, i.e., does not allow reaching a target term from an encoded source term that is not related by TRel to the translation of a source term.› abbreviation (in encoding) operational_sound :: "('procT × 'procT) set ⇒ bool" where "operational_sound TRel ≡ ∀S T. ⟦S⟧ ⟼Target* T ⟶ (∃S'. S ⟼Source* S' ∧ (⟦S'⟧, T) ∈ TRel)" text ‹Strong operational soundness modulo TRel is a stricter variant of operational soundness, where a single target term step has to be mapped on a single source term step.› abbreviation (in encoding) strongly_operational_sound :: "('procT × 'procT) set ⇒ bool" where "strongly_operational_sound TRel ≡ ∀S T. ⟦S⟧ ⟼Target T ⟶ (∃S'. S ⟼Source S' ∧ (⟦S'⟧, T) ∈ TRel)" text ‹An encoding is weakly operational corresponding modulo TRel if it is operational complete and weakly operational sound modulo TRel.› abbreviation (in encoding) weakly_operational_corresponding :: "('procT × 'procT) set ⇒ bool" where "weakly_operational_corresponding TRel ≡ operational_complete TRel ∧ weakly_operational_sound TRel" text ‹Operational correspondence modulo TRel is the combination of operational completeness and operational soundness modulo TRel.› abbreviation (in encoding) operational_corresponding :: "('procT × 'procT) set ⇒ bool" where "operational_corresponding TRel ≡ operational_complete TRel ∧ operational_sound TRel" text ‹An encoding is strongly operational corresponding modulo TRel if it is strongly operational complete and strongly operational sound modulo TRel.› abbreviation (in encoding) strongly_operational_corresponding :: "('procT × 'procT) set ⇒ bool" where "strongly_operational_corresponding TRel ≡ strongly_operational_complete TRel ∧ strongly_operational_sound TRel" subsection ‹Trivial Operational Correspondence Results› text ‹Every encoding is (weakly) operational corresponding modulo the all relation on target terms.› lemma (in encoding) operational_correspondence_modulo_all_relation: shows "operational_complete 
{(T1, T2). True}" and "weakly_operational_sound {(T1, T2). True}" and "operational_sound {(T1, T2). True}" using steps_refl[where Cal="Source"] steps_refl[where Cal="Target"] by blast+ lemma all_relation_is_weak_reduction_bisimulation: fixes Cal :: "'a processCalculus" shows "weak_reduction_bisimulation {(a, b). True} Cal" using steps_refl[where Cal="Cal"] by blast lemma (in encoding) operational_correspondence_modulo_some_target_relation: shows "∃TRel. weakly_operational_corresponding TRel" and "∃TRel. operational_corresponding TRel" and "∃TRel. weakly_operational_corresponding TRel ∧ weak_reduction_bisimulation TRel Target" and "∃TRel. operational_corresponding TRel ∧ weak_reduction_bisimulation TRel Target" using operational_correspondence_modulo_all_relation all_relation_is_weak_reduction_bisimulation[where Cal="Target"] by blast+ text ‹Strong operational correspondence requires that source terms can perform a step iff their translations can perform a step.› lemma (in encoding) strong_operational_correspondence_modulo_some_target_relation: shows "(∃TRel. strongly_operational_corresponding TRel) = (∀S. (∃S'. S ⟼Source S') ⟷ (∃T. ⟦S⟧ ⟼Target T))" and "(∃TRel. strongly_operational_corresponding TRel ∧ weak_reduction_bisimulation TRel Target) = (∀S. (∃S'. S ⟼Source S') ⟷ (∃T. ⟦S⟧ ⟼Target T))" proof - have A1: "∃TRel. strongly_operational_corresponding TRel ⟹ ∀S. (∃S'. S ⟼Source S') ⟷ (∃T. ⟦S⟧ ⟼Target T)" by blast moreover have A2: "∀S. (∃S'. S ⟼Source S') ⟷ (∃T. ⟦S⟧ ⟼Target T) ⟹ ∃TRel. strongly_operational_corresponding TRel ∧ weak_reduction_bisimulation TRel Target" proof - assume "∀S. (∃S'. S ⟼Source S') ⟷ (∃T. ⟦S⟧ ⟼Target T)" hence "strongly_operational_corresponding {(T1, T2). True}" by simp thus "∃TRel. strongly_operational_corresponding TRel ∧ weak_reduction_bisimulation TRel Target" using all_relation_is_weak_reduction_bisimulation[where Cal="Target"] by blast qed ultimately show "(∃TRel. 
strongly_operational_corresponding TRel ∧ weak_reduction_bisimulation TRel Target) = (∀S. (∃S'. S ⟼Source S') ⟷ (∃T. ⟦S⟧ ⟼Target T))" by blast from A1 A2 show "(∃TRel. strongly_operational_corresponding TRel) = (∀S. (∃S'. S ⟼Source S') ⟷ (∃T. ⟦S⟧ ⟼Target T))" by blast qed subsection ‹(Strong) Operational Completeness vs (Strong) Simulation› text ‹An encoding is operational complete modulo a weak simulation on target terms TRel iff there is a relation, like indRelRTPO, that relates at least all source terms to their literal translations, includes TRel, and is a weak simulation.› lemma (in encoding) weak_reduction_simulation_impl_OCom: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and TRel :: "('procT × 'procT) set" assumes A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" and A3: "weak_reduction_simulation Rel (STCal Source Target)" shows "operational_complete (TRel⇧*)" proof clarify fix S S' from A1 have "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by simp moreover assume "S ⟼Source* S'" hence "SourceTerm S ⟼(STCal Source Target)* (SourceTerm S')" by (simp add: STCal_steps(1)) ultimately obtain Q' where A5: "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* Q'" and A6: "(SourceTerm S', Q') ∈ Rel" using A3 by blast from A5 obtain T where A7: "T ∈T Q'" and A8: "⟦S⟧ ⟼Target* T" by (auto simp add: STCal_steps(2)) from A2 A6 A7 have "(⟦S'⟧, T) ∈ TRel⇧*" by simp with A8 show "∃T. 
⟦S⟧ ⟼Target* T ∧ (⟦S'⟧, T) ∈ TRel⇧*" by blast qed lemma (in encoding) OCom_iff_indRelRTPO_is_weak_reduction_simulation: fixes TRel :: "('procT × 'procT) set" shows "(operational_complete (TRel⇧*) ∧ weak_reduction_simulation (TRel⇧+) Target) = weak_reduction_simulation (indRelRTPO TRel) (STCal Source Target)" proof (rule iffI, erule conjE) assume oc: "operational_complete (TRel⇧*)" and sim: "weak_reduction_simulation (TRel⇧+) Target" show "weak_reduction_simulation (indRelRTPO TRel) (STCal Source Target)" proof clarify fix P Q P' assume "P ≲⟦⋅⟧RT<TRel> Q" and "P ⟼(STCal Source Target)* P'" thus "∃Q'. Q ⟼(STCal Source Target)* Q' ∧ P' ≲⟦⋅⟧RT<TRel> Q'" proof (induct arbitrary: P') case (encR S) assume "SourceTerm S ⟼(STCal Source Target)* P'" from this obtain S' where A1: "S' ∈S P'" and A2: "S ⟼Source* S'" by (auto simp add: STCal_steps(1)) from oc A2 obtain T where A3: "⟦S⟧ ⟼Target* T" and A4: "(⟦S'⟧, T) ∈ TRel⇧*" by blast from A3 have "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* (TargetTerm T)" by (simp add: STCal_steps(2)) moreover have "P' ≲⟦⋅⟧RT<TRel> TargetTerm T" proof - from A4 have "⟦S'⟧ = T ∨ (⟦S'⟧, T) ∈ TRel⇧+" using rtrancl_eq_or_trancl[of "⟦S'⟧" T TRel] by blast moreover from A1 have A5: "P' ≲⟦⋅⟧RT<TRel> TargetTerm (⟦S'⟧)" by (simp add: indRelRTPO.encR) hence "⟦S'⟧ = T ⟹ P' ≲⟦⋅⟧RT<TRel> TargetTerm T" by simp moreover have "(⟦S'⟧, T) ∈ TRel⇧+ ⟹ P' ≲⟦⋅⟧RT<TRel> TargetTerm T" proof - assume "(⟦S'⟧, T) ∈ TRel⇧+" hence "TargetTerm (⟦S'⟧) ≲⟦⋅⟧RT<TRel> TargetTerm T" proof induct fix T assume "(⟦S'⟧, T) ∈ TRel" thus "TargetTerm (⟦S'⟧) ≲⟦⋅⟧RT<TRel> TargetTerm T" by (rule indRelRTPO.target) next case (step TQ TR) assume "TargetTerm (⟦S'⟧) ≲⟦⋅⟧RT<TRel> TargetTerm TQ" moreover assume "(TQ, TR) ∈ TRel" hence "TargetTerm TQ ≲⟦⋅⟧RT<TRel> TargetTerm TR" by (rule indRelRTPO.target) ultimately show "TargetTerm (⟦S'⟧) ≲⟦⋅⟧RT<TRel> TargetTerm TR" by (rule indRelRTPO.trans) qed with A5 show "P' ≲⟦⋅⟧RT<TRel> TargetTerm T" by (rule indRelRTPO.trans) qed ultimately show "P' 
≲⟦⋅⟧RT<TRel> TargetTerm T" by blast qed ultimately show "∃Q'. TargetTerm (⟦S⟧) ⟼(STCal Source Target)* Q' ∧ P' ≲⟦⋅⟧RT<TRel> Q'" by blast next case (source S) then obtain S' where B1: "S' ∈S P'" by (auto simp add: STCal_steps(1)) hence "P' ≲⟦⋅⟧RT<TRel> P'" by (simp add: indRelRTPO.source) with source show "∃Q'. SourceTerm S ⟼(STCal Source Target)* Q' ∧ P' ≲⟦⋅⟧RT<TRel> Q'" by blast next case (target T1 T2) assume "TargetTerm T1 ⟼(STCal Source Target)* P'" from this obtain T1' where C1: "T1' ∈T P'" and C2: "T1 ⟼Target* T1'" by (auto simp add: STCal_steps(2)) assume "(T1, T2) ∈ TRel" hence "(T1, T2) ∈ TRel⇧+" by simp with C2 sim obtain T2' where C3: "T2 ⟼Target* T2'" and C4: "(T1', T2') ∈ TRel⇧+" by blast from C3 have "TargetTerm T2 ⟼(STCal Source Target)* (TargetTerm T2')" by (simp add: STCal_steps(2)) moreover from C4 have "TargetTerm T1' ≲⟦⋅⟧RT<TRel> TargetTerm T2'" proof induct fix T2' assume "(T1', T2') ∈ TRel" thus "TargetTerm T1' ≲⟦⋅⟧RT<TRel> TargetTerm T2'" by (rule indRelRTPO.target) next case (step TQ TR) assume "TargetTerm T1' ≲⟦⋅⟧RT<TRel> TargetTerm TQ" moreover assume "(TQ, TR) ∈ TRel" hence "TargetTerm TQ ≲⟦⋅⟧RT<TRel> TargetTerm TR" by (rule indRelRTPO.target) ultimately show "TargetTerm T1' ≲⟦⋅⟧RT<TRel> TargetTerm TR" by (rule indRelRTPO.trans) qed with C1 have "P' ≲⟦⋅⟧RT<TRel> TargetTerm T2'" by simp ultimately show "∃Q'. TargetTerm T2 ⟼(STCal Source Target)* Q' ∧ P' ≲⟦⋅⟧RT<TRel> Q'" by blast next case (trans P Q R) assume "P ⟼(STCal Source Target)* P'" and "⋀P'. P ⟼(STCal Source Target)* P' ⟹ ∃Q'. Q ⟼(STCal Source Target)* Q' ∧ P' ≲⟦⋅⟧RT<TRel> Q'" from this obtain Q' where D1: "Q ⟼(STCal Source Target)* Q'" and D2: "P' ≲⟦⋅⟧RT<TRel> Q'" by blast assume "⋀Q'. Q ⟼(STCal Source Target)* Q' ⟹ ∃R'. R ⟼(STCal Source Target)* R' ∧ Q' ≲⟦⋅⟧RT<TRel> R'" with D1 obtain R' where D3: "R ⟼(STCal Source Target)* R'" and D4: "Q' ≲⟦⋅⟧RT<TRel> R'" by blast from D2 D4 have "P' ≲⟦⋅⟧RT<TRel> R'" by (rule indRelRTPO.trans) with D3 show "∃R'. 
R ⟼(STCal Source Target)* R' ∧ P' ≲⟦⋅⟧RT<TRel> R'" by blast qed qed next have "∀S. SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm (⟦S⟧)" by (simp add: indRelRTPO.encR) moreover have "∀S T. SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm T ⟶ (⟦S⟧, T) ∈ TRel⇧*" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond by simp moreover assume sim: "weak_reduction_simulation (indRelRTPO TRel) (STCal Source Target)" ultimately have "operational_complete (TRel⇧*)" using weak_reduction_simulation_impl_OCom[where Rel="indRelRTPO TRel" and TRel="TRel"] by simp moreover from sim have "weak_reduction_simulation (TRel⇧+) Target" using indRelRTPO_impl_TRel_is_weak_reduction_simulation[where TRel="TRel"] by simp ultimately show "operational_complete (TRel⇧*) ∧ weak_reduction_simulation (TRel⇧+) Target" by simp qed lemma (in encoding) OCom_iff_weak_reduction_simulation: fixes TRel :: "('procT × 'procT) set" shows "(operational_complete (TRel⇧*) ∧ weak_reduction_simulation (TRel⇧+) Target) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_simulation Rel (STCal Source Target))" proof (rule iffI, erule conjE) have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelRTPO TRel" by (simp add: indRelRTPO.encR) moreover have "∀T1 T2. (T1, T2) ∈ TRel ⟶ TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2" by (simp add: indRelRTPO.target) moreover have "∀T1 T2. TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2 ⟶ (T1, T2) ∈ TRel⇧+" using indRelRTPO_to_TRel(4)[where TRel="TRel"] by simp moreover have "∀S T. 
SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm T ⟶ (⟦S⟧, T) ∈ TRel⇧*" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond by simp moreover assume "operational_complete (TRel⇧*)" and "weak_reduction_simulation (TRel⇧+) Target" hence "weak_reduction_simulation (indRelRTPO TRel) (STCal Source Target)" using OCom_iff_indRelRTPO_is_weak_reduction_simulation[where TRel="TRel"] by simp ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_simulation Rel (STCal Source Target)" by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_simulation Rel (STCal Source Target)" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and A3: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" and A4: "∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" and A5: "weak_reduction_simulation Rel (STCal Source Target)" by blast from A1 A4 A5 have "operational_complete (TRel⇧*)" using weak_reduction_simulation_impl_OCom[where Rel="Rel" and TRel="TRel"] by simp moreover from A2 A3 A5 have "weak_reduction_simulation (TRel⇧+) Target" using rel_with_target_impl_transC_TRel_is_weak_reduction_simulation[where Rel="Rel" and TRel="TRel"] by simp ultimately show "operational_complete (TRel⇧*) ∧ weak_reduction_simulation (TRel⇧+) Target" by simp qed text ‹An encoding is strongly operational complete modulo a strong simulation on target terms TRel iff there is a relation, like indRelRTPO, that relates at least all source terms to their literal translations, includes TRel, and is a strong simulation.› lemma (in encoding) strong_reduction_simulation_impl_SOCom: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and TRel :: "('procT × 'procT) set" assumes A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" and A3: "strong_reduction_simulation Rel (STCal Source Target)" shows "strongly_operational_complete (TRel⇧*)" proof clarify fix S S' from A1 have "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by simp moreover assume "S ⟼Source S'" hence "SourceTerm S ⟼(STCal Source Target) (SourceTerm S')" by (simp add: STCal_step(1)) ultimately obtain Q' where A5: "TargetTerm (⟦S⟧) ⟼(STCal Source Target) Q'" and A6: "(SourceTerm S', Q') ∈ Rel" using A3 by blast from A5 obtain T where A7: "T ∈T Q'" and A8: "⟦S⟧ ⟼Target T" by (auto simp add: STCal_step(2)) from A2 A6 A7 have "(⟦S'⟧, T) ∈ TRel⇧*" by simp with A8 show "∃T. 
⟦S⟧ ⟼Target T ∧ (⟦S'⟧, T) ∈ TRel⇧*" by blast qed lemma (in encoding) SOCom_iff_indRelRTPO_is_strong_reduction_simulation: fixes TRel :: "('procT × 'procT) set" shows "(strongly_operational_complete (TRel⇧*) ∧ strong_reduction_simulation (TRel⇧+) Target) = strong_reduction_simulation (indRelRTPO TRel) (STCal Source Target)" proof (rule iffI, erule conjE) assume soc: "strongly_operational_complete (TRel⇧*)" and sim: "strong_reduction_simulation (TRel⇧+) Target" show "strong_reduction_simulation (indRelRTPO TRel) (STCal Source Target)" proof clarify fix P Q P' assume "P ≲⟦⋅⟧RT<TRel> Q" and "P ⟼(STCal Source Target) P'" thus "∃Q'. Q ⟼(STCal Source Target) Q' ∧ P' ≲⟦⋅⟧RT<TRel> Q'" proof (induct arbitrary: P') case (encR S) assume "SourceTerm S ⟼(STCal Source Target) P'" from this obtain S' where A1: "S' ∈S P'" and A2: "S ⟼Source S'" by (auto simp add: STCal_step(1)) from soc A2 obtain T where A3: "⟦S⟧ ⟼Target T" and A4: "(⟦S'⟧, T) ∈ TRel⇧*" by blast from A3 have "TargetTerm (⟦S⟧) ⟼(STCal Source Target) (TargetTerm T)" by (simp add: STCal_step(2)) moreover have "P' ≲⟦⋅⟧RT<TRel> TargetTerm T" proof - from A4 have "⟦S'⟧ = T ∨ (⟦S'⟧, T) ∈ TRel⇧+" using rtrancl_eq_or_trancl[of "⟦S'⟧" T TRel] by blast moreover from A1 have A5: "P' ≲⟦⋅⟧RT<TRel> TargetTerm (⟦S'⟧)" by (simp add: indRelRTPO.encR) hence "⟦S'⟧ = T ⟹ P' ≲⟦⋅⟧RT<TRel> TargetTerm T" by simp moreover have "(⟦S'⟧, T) ∈ TRel⇧+ ⟹ P' ≲⟦⋅⟧RT<TRel> TargetTerm T" proof - assume "(⟦S'⟧, T) ∈ TRel⇧+" hence "TargetTerm (⟦S'⟧) ≲⟦⋅⟧RT<TRel> TargetTerm T" proof induct fix TQ assume "(⟦S'⟧, TQ) ∈ TRel" thus "TargetTerm (⟦S'⟧) ≲⟦⋅⟧RT<TRel> TargetTerm TQ" by (rule indRelRTPO.target) next case (step TQ TR) assume "TargetTerm (⟦S'⟧) ≲⟦⋅⟧RT<TRel> TargetTerm TQ" moreover assume "(TQ, TR) ∈ TRel" hence "TargetTerm TQ ≲⟦⋅⟧RT<TRel> TargetTerm TR" by (rule indRelRTPO.target) ultimately show "TargetTerm (⟦S'⟧) ≲⟦⋅⟧RT<TRel> TargetTerm TR" by (rule indRelRTPO.trans) qed with A5 show "P' ≲⟦⋅⟧RT<TRel> TargetTerm T" by (rule indRelRTPO.trans) qed 
ultimately show "P' ≲⟦⋅⟧RT<TRel> TargetTerm T" by blast qed ultimately show "∃Q'. TargetTerm (⟦S⟧) ⟼(STCal Source Target) Q' ∧ P' ≲⟦⋅⟧RT<TRel> Q'" by blast next case (source S) then obtain S' where B1: "S' ∈S P'" by (auto simp add: STCal_step(1)) hence "P' ≲⟦⋅⟧RT<TRel> P'" by (simp add: indRelRTPO.source) with source show "∃Q'. SourceTerm S ⟼(STCal Source Target) Q' ∧ P' ≲⟦⋅⟧RT<TRel> Q'" by blast next case (target T1 T2) assume "TargetTerm T1 ⟼(STCal Source Target) P'" from this obtain T1' where C1: "T1' ∈T P'" and C2: "T1 ⟼Target T1'" by (auto simp add: STCal_step(2)) assume "(T1, T2) ∈ TRel" hence "(T1, T2) ∈ TRel⇧+" by simp with C2 sim obtain T2' where C3: "T2 ⟼Target T2'" and C4: "(T1', T2') ∈ TRel⇧+" by blast from C3 have "TargetTerm T2 ⟼(STCal Source Target) (TargetTerm T2')" by (simp add: STCal_step(2)) moreover from C4 have "TargetTerm T1' ≲⟦⋅⟧RT<TRel> TargetTerm T2'" proof induct fix T2' assume "(T1', T2') ∈ TRel" thus "TargetTerm T1' ≲⟦⋅⟧RT<TRel> TargetTerm T2'" by (rule indRelRTPO.target) next case (step TQ TR) assume "TargetTerm T1' ≲⟦⋅⟧RT<TRel> TargetTerm TQ" moreover assume "(TQ, TR) ∈ TRel" hence "TargetTerm TQ ≲⟦⋅⟧RT<TRel> TargetTerm TR" by (rule indRelRTPO.target) ultimately show "TargetTerm T1' ≲⟦⋅⟧RT<TRel> TargetTerm TR" by (rule indRelRTPO.trans) qed with C1 have "P' ≲⟦⋅⟧RT<TRel> TargetTerm T2'" by simp ultimately show "∃Q'. TargetTerm T2 ⟼(STCal Source Target) Q' ∧ P' ≲⟦⋅⟧RT<TRel> Q'" by blast next case (trans P Q R) assume "P ⟼(STCal Source Target) P'" and "⋀P'. P ⟼(STCal Source Target) P' ⟹ ∃Q'. Q ⟼(STCal Source Target) Q' ∧ P' ≲⟦⋅⟧RT<TRel> Q'" from this obtain Q' where D1: "Q ⟼(STCal Source Target) Q'" and D2: "P' ≲⟦⋅⟧RT<TRel> Q'" by blast assume "⋀Q'. Q ⟼(STCal Source Target) Q' ⟹ ∃R'. R ⟼(STCal Source Target) R' ∧ Q' ≲⟦⋅⟧RT<TRel> R'" with D1 obtain R' where D3: "R ⟼(STCal Source Target) R'" and D4: "Q' ≲⟦⋅⟧RT<TRel> R'" by blast from D2 D4 have "P' ≲⟦⋅⟧RT<TRel> R'" by (rule indRelRTPO.trans) with D3 show "∃R'. 
R ⟼(STCal Source Target) R' ∧ P' ≲⟦⋅⟧RT<TRel> R'" by blast qed qed next have "∀S. SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm (⟦S⟧)" by (simp add: indRelRTPO.encR) moreover have "∀S T. SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm T ⟶ (⟦S⟧, T) ∈ TRel⇧*" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond by simp moreover assume sim: "strong_reduction_simulation (indRelRTPO TRel) (STCal Source Target)" ultimately have "strongly_operational_complete (TRel⇧*)" using strong_reduction_simulation_impl_SOCom[where Rel="indRelRTPO TRel" and TRel="TRel"] by simp moreover from sim have "strong_reduction_simulation (TRel⇧+) Target" using indRelRTPO_impl_TRel_is_strong_reduction_simulation[where TRel="TRel"] by simp ultimately show "strongly_operational_complete (TRel⇧*) ∧ strong_reduction_simulation (TRel⇧+) Target" by simp qed lemma (in encoding) SOCom_iff_strong_reduction_simulation: fixes TRel :: "('procT × 'procT) set" shows "(strongly_operational_complete (TRel⇧*) ∧ strong_reduction_simulation (TRel⇧+) Target) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ strong_reduction_simulation Rel (STCal Source Target))" proof (rule iffI, erule conjE) have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelRTPO TRel" by (simp add: indRelRTPO.encR) moreover have "∀T1 T2. (T1, T2) ∈ TRel ⟶ TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2" by (simp add: indRelRTPO.target) moreover have "∀T1 T2. TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2 ⟶ (T1, T2) ∈ TRel⇧+" using indRelRTPO_to_TRel(4)[where TRel="TRel"] by simp moreover have "∀S T. 
SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm T ⟶ (⟦S⟧, T) ∈ TRel⇧*" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond by simp moreover assume "strongly_operational_complete (TRel⇧*)" and "strong_reduction_simulation (TRel⇧+) Target" hence "strong_reduction_simulation (indRelRTPO TRel) (STCal Source Target)" using SOCom_iff_indRelRTPO_is_strong_reduction_simulation[where TRel="TRel"] by simp ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ strong_reduction_simulation Rel (STCal Source Target)" by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ strong_reduction_simulation Rel (STCal Source Target)" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and A3: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" and A4: "∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" and A5: "strong_reduction_simulation Rel (STCal Source Target)" by blast from A1 A4 A5 have "strongly_operational_complete (TRel⇧*)" using strong_reduction_simulation_impl_SOCom[where Rel="Rel" and TRel="TRel"] by simp moreover from A2 A3 A5 have "strong_reduction_simulation (TRel⇧+) Target" using rel_with_target_impl_transC_TRel_is_strong_reduction_simulation[where Rel="Rel" and TRel="TRel"] by simp ultimately show "strongly_operational_complete (TRel⇧*) ∧ strong_reduction_simulation (TRel⇧+) Target" by simp qed lemma (in encoding) target_relation_from_source_target_relation: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes stre: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (TargetTerm (⟦S⟧), TargetTerm T) ∈ Rel⇧=" shows "∃TRel. (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*)" proof - define TRel where "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" from TRel_def have "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" by simp moreover from TRel_def have "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" by blast moreover from stre TRel_def have "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" by blast ultimately show ?thesis by blast qed lemma (in encoding) SOCom_modulo_TRel_iff_strong_reduction_simulation: shows "(∃TRel. strongly_operational_complete (TRel⇧*) ∧ strong_reduction_simulation (TRel⇧+) Target) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (TargetTerm (⟦S⟧), TargetTerm T) ∈ Rel⇧=) ∧ strong_reduction_simulation Rel (STCal Source Target))" proof (rule iffI) assume "∃TRel. 
strongly_operational_complete (TRel⇧*) ∧ strong_reduction_simulation (TRel⇧+) Target" from this obtain TRel where "strongly_operational_complete (TRel⇧*)" and "strong_reduction_simulation (TRel⇧+) Target" by blast hence "strong_reduction_simulation (indRelRTPO TRel) (STCal Source Target)" using SOCom_iff_indRelRTPO_is_strong_reduction_simulation[where TRel="TRel"] by simp moreover have "∀S. SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm (⟦S⟧)" by (simp add: indRelRTPO.encR) moreover have "∀S T. SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm T ⟶ (TargetTerm (⟦S⟧), TargetTerm T) ∈ (indRelRTPO TRel)⇧=" using indRelRTPO_relates_source_target[where TRel="TRel"] by simp ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (TargetTerm (⟦S⟧), TargetTerm T) ∈ Rel⇧=) ∧ strong_reduction_simulation Rel (STCal Source Target)" by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (TargetTerm (⟦S⟧), TargetTerm T) ∈ Rel⇧=) ∧ strong_reduction_simulation Rel (STCal Source Target)" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "(∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (TargetTerm (⟦S⟧), TargetTerm T) ∈ Rel⇧=)" and A3: "strong_reduction_simulation Rel (STCal Source Target)" by blast from A2 obtain TRel where "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" and "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" using target_relation_from_source_target_relation[where Rel="Rel"] by blast with A1 A3 have "strongly_operational_complete (TRel⇧*) ∧ strong_reduction_simulation (TRel⇧+) Target" using SOCom_iff_strong_reduction_simulation[where TRel="TRel"] by blast thus "∃TRel. 
strongly_operational_complete (TRel⇧*) ∧ strong_reduction_simulation (TRel⇧+) Target" by blast qed subsection ‹Weak Operational Soundness vs Contrasimulation› text ‹If the inverse of a relation that includes TRel and relates source terms and their literal translations is a contrasimulation, then the encoding is weakly operational sound.› lemma (in encoding) weak_reduction_contrasimulation_impl_WOSou: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and TRel :: "('procT × 'procT) set" assumes A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" and A3: "weak_reduction_contrasimulation (Rel¯) (STCal Source Target)" shows "weakly_operational_sound (TRel⇧*)" proof clarify fix S T from A1 have "(TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel¯" by simp moreover assume "⟦S⟧ ⟼Target* T" hence "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* (TargetTerm T)" by (simp add: STCal_steps(2)) ultimately obtain Q' where A5: "SourceTerm S ⟼(STCal Source Target)* Q'" and A6: "(Q', TargetTerm T) ∈ Rel¯" using A3 by blast from A5 obtain S' where A7: "S' ∈S Q'" and A8: "S ⟼Source* S'" by (auto simp add: STCal_steps(1)) have "Q' ⟼(STCal Source Target)* Q'" by (simp add: steps_refl) with A6 A3 obtain P'' where A9: "TargetTerm T ⟼(STCal Source Target)* P''" and A10: "(P'', Q') ∈ Rel¯" by blast from A9 obtain T' where A11: "T' ∈T P''" and A12: "T ⟼Target* T'" by (auto simp add: STCal_steps(2)) from A10 have "(Q', P'') ∈ Rel" by induct with A2 A7 A11 have "(⟦S'⟧, T') ∈ TRel⇧*" by simp with A8 A12 show "∃S' T'. 
S ⟼Source* S' ∧ T ⟼Target* T' ∧ (⟦S'⟧, T') ∈ TRel⇧*" by blast qed subsection ‹(Strong) Operational Soundness vs (Strong) Simulation› text ‹An encoding is operational sound modulo a relation TRel whose inverse is a weak reduction simulation on target terms iff there is a relation, like indRelRTPO, that relates at least all source terms to their literal translations, includes TRel, and whose inverse is a weak simulation.› lemma (in encoding) weak_reduction_simulation_impl_OSou: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and TRel :: "('procT × 'procT) set" assumes A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" and A3: "weak_reduction_simulation (Rel¯) (STCal Source Target)" shows "operational_sound (TRel⇧*)" proof clarify fix S T from A1 have "(TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel¯" by simp moreover assume "⟦S⟧ ⟼Target* T" hence "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* (TargetTerm T)" by (simp add: STCal_steps(2)) ultimately obtain Q' where A5: "SourceTerm S ⟼(STCal Source Target)* Q'" and A6: "(TargetTerm T, Q') ∈ Rel¯" using A3 by blast from A5 obtain S' where A7: "S' ∈S Q'" and A8: "S ⟼Source* S'" by (auto simp add: STCal_steps(1)) from A6 have "(Q', TargetTerm T) ∈ Rel" by induct with A2 A7 have "(⟦S'⟧, T) ∈ TRel⇧*" by simp with A8 show "∃S'. S ⟼Source* S' ∧ (⟦S'⟧, T) ∈ TRel⇧*" by blast qed lemma (in encoding) OSou_iff_inverse_of_indRelRTPO_is_weak_reduction_simulation: fixes TRel :: "('procT × 'procT) set" shows "(operational_sound (TRel⇧*) ∧ weak_reduction_simulation ((TRel⇧+)¯) Target) = weak_reduction_simulation ((indRelRTPO TRel)¯) (STCal Source Target)" proof (rule iffI, erule conjE) assume os: "operational_sound (TRel⇧*)" and sim: "weak_reduction_simulation ((TRel⇧+)¯) Target" show "weak_reduction_simulation ((indRelRTPO TRel)¯) (STCal Source Target)" proof clarify fix P Q P' assume "Q ≲⟦⋅⟧RT<TRel> P" and "P ⟼(STCal Source Target)* P'" thus "∃Q'. 
Q ⟼(STCal Source Target)* Q' ∧ (P', Q') ∈ (indRelRTPO TRel)¯" proof (induct arbitrary: P') case (encR S) assume "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* P'" from this obtain T where A1: "T ∈T P'" and A2: "⟦S⟧ ⟼Target* T" by (auto simp add: STCal_steps(2)) from os A2 obtain S' where A3: "S ⟼Source* S'" and A4: "(⟦S'⟧, T) ∈ TRel⇧*" by blast from A3 have "SourceTerm S ⟼(STCal Source Target)* (SourceTerm S')" by (simp add: STCal_steps(1)) moreover have "SourceTerm S' ≲⟦⋅⟧RT<TRel> P'" proof - from A4 have "⟦S'⟧ = T ∨ (⟦S'⟧, T) ∈ TRel⇧+" using rtrancl_eq_or_trancl[of "⟦S'⟧" T TRel] by blast moreover have A5: "SourceTerm S' ≲⟦⋅⟧RT<TRel> TargetTerm (⟦S'⟧)" by (simp add: indRelRTPO.encR) with A1 have "⟦S'⟧ = T ⟹ SourceTerm S' ≲⟦⋅⟧RT<TRel> P'" by simp moreover have "(⟦S'⟧, T) ∈ TRel⇧+ ⟹ SourceTerm S' ≲⟦⋅⟧RT<TRel> P'" proof - assume "(⟦S'⟧, T) ∈ TRel⇧+" hence "TargetTerm (⟦S'⟧) ≲⟦⋅⟧RT<TRel> TargetTerm T" by (rule transitive_closure_of_TRel_to_indRelRTPO) with A5 have "SourceTerm S' ≲⟦⋅⟧RT<TRel> TargetTerm T" by (rule indRelRTPO.trans) with A1 show "SourceTerm S' ≲⟦⋅⟧RT<TRel> P'" by simp qed ultimately show "SourceTerm S' ≲⟦⋅⟧RT<TRel> P'" by blast qed hence "(P', SourceTerm S') ∈ (indRelRTPO TRel)¯" by simp ultimately show "∃Q'. SourceTerm S ⟼(STCal Source Target)* Q' ∧ (P', Q') ∈ (indRelRTPO TRel)¯" by blast next case (source S) then obtain S' where B1: "S' ∈S P'" by (auto simp add: STCal_steps(1)) hence "(P', P') ∈ (indRelRTPO TRel)¯" by (simp add: indRelRTPO.source) with source show "∃Q'. 
SourceTerm S ⟼(STCal Source Target)* Q' ∧ (P', Q') ∈ (indRelRTPO TRel)¯" by blast next case (target T1 T2) assume "TargetTerm T2 ⟼(STCal Source Target)* P'" from this obtain T2' where C1: "T2' ∈T P'" and C2: "T2 ⟼Target* T2'" by (auto simp add: STCal_steps(2)) assume "(T1, T2) ∈ TRel" hence "(T2, T1) ∈ (TRel⇧+)¯" by simp with C2 sim obtain T1' where C3: "T1 ⟼Target* T1'" and C4: "(T2', T1') ∈ (TRel⇧+)¯" by blast from C3 have "TargetTerm T1 ⟼(STCal Source Target)* (TargetTerm T1')" by (simp add: STCal_steps(2)) moreover from C4 have "(T1', T2') ∈ TRel⇧+" by induct hence "TargetTerm T1' ≲⟦⋅⟧RT<TRel> TargetTerm T2'" by (rule transitive_closure_of_TRel_to_indRelRTPO) with C1 have "(P', TargetTerm T1') ∈ (indRelRTPO TRel)¯" by simp ultimately show "∃Q'. TargetTerm T1 ⟼(STCal Source Target)* Q' ∧ (P', Q') ∈ (indRelRTPO TRel)¯" by blast next case (trans P Q R R') assume "R ⟼(STCal Source Target)* R'" and "⋀R'. R ⟼(STCal Source Target)* R' ⟹ ∃Q'. Q ⟼(STCal Source Target)* Q' ∧ (R', Q') ∈ (indRelRTPO TRel)¯" from this obtain Q' where D1: "Q ⟼(STCal Source Target)* Q'" and D2: "(R', Q') ∈ (indRelRTPO TRel)¯" by blast assume "⋀Q'. Q ⟼(STCal Source Target)* Q' ⟹ ∃P'. P ⟼(STCal Source Target)* P' ∧ (Q', P') ∈ (indRelRTPO TRel)¯" with D1 obtain P' where D3: "P ⟼(STCal Source Target)* P'" and D4: "(Q', P') ∈ (indRelRTPO TRel)¯" by blast from D4 D2 have "(R', P') ∈ (indRelRTPO TRel)¯" by (simp add: indRelRTPO.trans[where P="P'" and Q="Q'" and R="R'"]) with D3 show "∃P'. P ⟼(STCal Source Target)* P' ∧ (R', P') ∈ (indRelRTPO TRel)¯" by blast qed qed next have "∀S. SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm (⟦S⟧)" by (simp add: indRelRTPO.encR) moreover have "∀S T. 
SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm T ⟶ (⟦S⟧, T) ∈ TRel⇧*" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond by simp moreover assume sim: "weak_reduction_simulation ((indRelRTPO TRel)¯) (STCal Source Target)" ultimately have "operational_sound (TRel⇧*)" using weak_reduction_simulation_impl_OSou[where Rel="indRelRTPO TRel" and TRel="TRel"] by simp moreover from sim have "weak_reduction_simulation ((TRel⇧+)¯) Target" using indRelRTPO_impl_TRel_is_weak_reduction_simulation_rev[where TRel="TRel"] by simp ultimately show "operational_sound (TRel⇧*) ∧ weak_reduction_simulation ((TRel⇧+)¯) Target" by simp qed lemma (in encoding) OSou_iff_weak_reduction_simulation: fixes TRel :: "('procT × 'procT) set" shows "(operational_sound (TRel⇧*) ∧ weak_reduction_simulation ((TRel⇧+)¯) Target) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_simulation (Rel¯) (STCal Source Target))" proof (rule iffI, erule conjE) have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelRTPO TRel" by (simp add: indRelRTPO.encR) moreover have "∀T1 T2. (T1, T2) ∈ TRel ⟶ TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2" by (simp add: indRelRTPO.target) moreover have "∀T1 T2. TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2 ⟶ (T1, T2) ∈ TRel⇧+" using indRelRTPO_to_TRel(4)[where TRel="TRel"] by simp moreover have "∀S T. SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm T ⟶ (⟦S⟧, T) ∈ TRel⇧*" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond by simp moreover assume "operational_sound (TRel⇧*)" and "weak_reduction_simulation ((TRel⇧+)¯) Target" hence "weak_reduction_simulation ((indRelRTPO TRel)¯) (STCal Source Target)" using OSou_iff_inverse_of_indRelRTPO_is_weak_reduction_simulation[where TRel="TRel"] by simp ultimately show "∃Rel. (∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_simulation (Rel¯) (STCal Source Target)" by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_simulation (Rel¯) (STCal Source Target)" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and A3: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" and A4: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" and A5: "weak_reduction_simulation (Rel¯) (STCal Source Target)" by blast from A1 A4 A5 have "operational_sound (TRel⇧*)" using weak_reduction_simulation_impl_OSou[where Rel="Rel" and TRel="TRel"] by simp moreover from A2 A3 A5 have "weak_reduction_simulation ((TRel⇧+)¯) Target" using rel_with_target_impl_transC_TRel_is_weak_reduction_simulation_rev[where Rel="Rel" and TRel="TRel"] by simp ultimately show "operational_sound (TRel⇧*) ∧ weak_reduction_simulation ((TRel⇧+)¯) Target" by simp qed text ‹An encoding is strongly operational sound modulo a relation TRel whose inverse is a strong reduction simulation on target terms iff there is a relation, like indRelRTPO, that relates at least all source terms to their literal translations, includes TRel, and whose inverse is a strong simulation.› lemma (in encoding) strong_reduction_simulation_impl_SOSou: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and TRel :: "('procT × 'procT) set" assumes A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" and A3: "strong_reduction_simulation (Rel¯) (STCal Source Target)" shows "strongly_operational_sound (TRel⇧*)" proof clarify fix S T from A1 have "(TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel¯" by simp moreover assume "⟦S⟧ ⟼Target T" hence "TargetTerm (⟦S⟧) ⟼(STCal Source Target) (TargetTerm T)" by (simp add: STCal_step(2)) ultimately obtain Q' where A5: "SourceTerm S ⟼(STCal Source Target) Q'" and A6: "(TargetTerm T, Q') ∈ Rel¯" using A3 by blast from A5 obtain S' where A7: "S' ∈S Q'" and A8: "S ⟼Source S'" by (auto simp add: STCal_step(1)) from A6 have "(Q', TargetTerm T) ∈ Rel" by induct with A2 A7 have "(⟦S'⟧, T) ∈ TRel⇧*" by simp with A8 show "∃S'. S ⟼Source S' ∧ (⟦S'⟧, T) ∈ TRel⇧*" by blast qed lemma (in encoding) SOSou_iff_inverse_of_indRelRTPO_is_strong_reduction_simulation: fixes TRel :: "('procT × 'procT) set" shows "(strongly_operational_sound (TRel⇧*) ∧ strong_reduction_simulation ((TRel⇧+)¯) Target) = strong_reduction_simulation ((indRelRTPO TRel)¯) (STCal Source Target)" proof (rule iffI, erule conjE) assume os: "strongly_operational_sound (TRel⇧*)" and sim: "strong_reduction_simulation ((TRel⇧+)¯) Target" show "strong_reduction_simulation ((indRelRTPO TRel)¯) (STCal Source Target)" proof clarify fix P Q P' assume "Q ≲⟦⋅⟧RT<TRel> P" moreover assume "P ⟼(STCal Source Target) P'" ultimately show "∃Q'. 
Q ⟼(STCal Source Target) Q' ∧ (P', Q') ∈ (indRelRTPO TRel)¯" proof (induct arbitrary: P') case (encR S) assume "TargetTerm (⟦S⟧) ⟼(STCal Source Target) P'" from this obtain T where A1: "T ∈T P'" and A2: "⟦S⟧ ⟼Target T" by (auto simp add: STCal_step(2)) from os A2 obtain S' where A3: "S ⟼Source S'" and A4: "(⟦S'⟧, T) ∈ TRel⇧*" by blast from A3 have "SourceTerm S ⟼(STCal Source Target) (SourceTerm S')" by (simp add: STCal_step(1)) moreover have "SourceTerm S' ≲⟦⋅⟧RT<TRel> P'" proof - from A4 have "⟦S'⟧ = T ∨ (⟦S'⟧, T) ∈ TRel⇧+" using rtrancl_eq_or_trancl[of "⟦S'⟧" T TRel] by blast moreover have A5: "SourceTerm S' ≲⟦⋅⟧RT<TRel> TargetTerm (⟦S'⟧)" by (simp add: indRelRTPO.encR) with A1 have "⟦S'⟧ = T ⟹ SourceTerm S' ≲⟦⋅⟧RT<TRel> P'" by simp moreover have "(⟦S'⟧, T) ∈ TRel⇧+ ⟹ SourceTerm S' ≲⟦⋅⟧RT<TRel> P'" proof - assume "(⟦S'⟧, T) ∈ TRel⇧+" hence "TargetTerm (⟦S'⟧) ≲⟦⋅⟧RT<TRel> TargetTerm T" by (rule transitive_closure_of_TRel_to_indRelRTPO) with A5 have "SourceTerm S' ≲⟦⋅⟧RT<TRel> TargetTerm T" by (rule indRelRTPO.trans) with A1 show "SourceTerm S' ≲⟦⋅⟧RT<TRel> P'" by simp qed ultimately show "SourceTerm S' ≲⟦⋅⟧RT<TRel> P'" by blast qed hence "(P', SourceTerm S') ∈ (indRelRTPO TRel)¯" by simp ultimately show "∃Q'. SourceTerm S ⟼(STCal Source Target) Q' ∧ (P', Q') ∈ (indRelRTPO TRel)¯" by blast next case (source S) then obtain S' where B1: "S' ∈S P'" by (auto simp add: STCal_step(1)) hence "(P', P') ∈ (indRelRTPO TRel)¯" by (simp add: indRelRTPO.source) with source show "∃Q'. 
SourceTerm S ⟼(STCal Source Target) Q' ∧ (P', Q') ∈ (indRelRTPO TRel)¯" by blast next case (target T1 T2) assume "TargetTerm T2 ⟼(STCal Source Target) P'" from this obtain T2' where C1: "T2' ∈T P'" and C2: "T2 ⟼Target T2'" by (auto simp add: STCal_step(2)) assume "(T1, T2) ∈ TRel" hence "(T2, T1) ∈ (TRel⇧+)¯" by simp with C2 sim obtain T1' where C3: "T1 ⟼Target T1'" and C4: "(T2', T1') ∈ (TRel⇧+)¯" by blast from C3 have "TargetTerm T1 ⟼(STCal Source Target) (TargetTerm T1')" by (simp add: STCal_step(2)) moreover from C4 have "(T1', T2') ∈ TRel⇧+" by induct hence "TargetTerm T1' ≲⟦⋅⟧RT<TRel> TargetTerm T2'" by (rule transitive_closure_of_TRel_to_indRelRTPO) with C1 have "(P', TargetTerm T1') ∈ (indRelRTPO TRel)¯" by simp ultimately show "∃Q'. TargetTerm T1 ⟼(STCal Source Target) Q' ∧ (P', Q') ∈ (indRelRTPO TRel)¯" by blast next case (trans P Q R R') assume "R ⟼(STCal Source Target) R'" and "⋀R'. R ⟼(STCal Source Target) R' ⟹ ∃Q'. Q ⟼(STCal Source Target) Q' ∧ (R', Q') ∈ (indRelRTPO TRel)¯" from this obtain Q' where D1: "Q ⟼(STCal Source Target) Q'" and D2: "(R', Q') ∈ (indRelRTPO TRel)¯" by blast assume "⋀Q'. Q ⟼(STCal Source Target) Q' ⟹ ∃P'. P ⟼(STCal Source Target) P' ∧ (Q', P') ∈ (indRelRTPO TRel)¯" with D1 obtain P' where D3: "P ⟼(STCal Source Target) P'" and D4: "(Q', P') ∈ (indRelRTPO TRel)¯" by blast from D4 D2 have "(R', P') ∈ (indRelRTPO TRel)¯" by (simp add: indRelRTPO.trans[where P="P'" and Q="Q'" and R="R'"]) with D3 show "∃P'. P ⟼(STCal Source Target) P' ∧ (R', P') ∈ (indRelRTPO TRel)¯" by blast qed qed next have "∀S. SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm (⟦S⟧)" by (simp add: indRelRTPO.encR) moreover have "∀S T. 
SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm T ⟶ (⟦S⟧, T) ∈ TRel⇧*" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond by simp moreover assume sim: "strong_reduction_simulation ((indRelRTPO TRel)¯) (STCal Source Target)" ultimately have "strongly_operational_sound (TRel⇧*)" using strong_reduction_simulation_impl_SOSou[where Rel="indRelRTPO TRel" and TRel="TRel"] by simp moreover from sim have "strong_reduction_simulation ((TRel⇧+)¯) Target" using indRelRTPO_impl_TRel_is_strong_reduction_simulation_rev[where TRel="TRel"] by simp ultimately show "strongly_operational_sound (TRel⇧*) ∧ strong_reduction_simulation ((TRel⇧+)¯) Target" by simp qed lemma (in encoding) SOSou_iff_strong_reduction_simulation: fixes TRel :: "('procT × 'procT) set" shows "(strongly_operational_sound (TRel⇧*) ∧ strong_reduction_simulation ((TRel⇧+)¯) Target) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ strong_reduction_simulation (Rel¯) (STCal Source Target))" proof (rule iffI, erule conjE) have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelRTPO TRel" by (simp add: indRelRTPO.encR) moreover have "∀T1 T2. (T1, T2) ∈ TRel ⟶ TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2" by (simp add: indRelRTPO.target) moreover have "∀T1 T2. TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2 ⟶ (T1, T2) ∈ TRel⇧+" using indRelRTPO_to_TRel(4)[where TRel="TRel"] by simp moreover have "∀S T. 
SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm T ⟶ (⟦S⟧, T) ∈ TRel⇧*" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond by simp moreover assume "strongly_operational_sound (TRel⇧*)" and "strong_reduction_simulation ((TRel⇧+)¯) Target" hence "strong_reduction_simulation ((indRelRTPO TRel)¯) (STCal Source Target)" using SOSou_iff_inverse_of_indRelRTPO_is_strong_reduction_simulation[where TRel="TRel"] by simp ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ strong_reduction_simulation (Rel¯) (STCal Source Target)" by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ strong_reduction_simulation (Rel¯) (STCal Source Target)" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and A3: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" and A4: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" and A5: "strong_reduction_simulation (Rel¯) (STCal Source Target)" by blast from A1 A4 A5 have "strongly_operational_sound (TRel⇧*)" using strong_reduction_simulation_impl_SOSou[where Rel="Rel" and TRel="TRel"] by simp moreover from A2 A3 A5 have "strong_reduction_simulation ((TRel⇧+)¯) Target" using rel_with_target_impl_transC_TRel_is_strong_reduction_simulation_rev[where Rel="Rel" and TRel="TRel"] by simp ultimately show "strongly_operational_sound (TRel⇧*) ∧ strong_reduction_simulation ((TRel⇧+)¯) Target" by simp qed lemma (in encoding) SOSou_modulo_TRel_iff_strong_reduction_simulation: shows "(∃TRel. 
strongly_operational_sound (TRel⇧*) ∧ strong_reduction_simulation ((TRel⇧+)¯) Target) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (TargetTerm (⟦S⟧), TargetTerm T) ∈ Rel⇧=) ∧ strong_reduction_simulation (Rel¯) (STCal Source Target))" proof (rule iffI) assume "∃TRel. strongly_operational_sound (TRel⇧*) ∧ strong_reduction_simulation ((TRel⇧+)¯) Target" from this obtain TRel where "strongly_operational_sound (TRel⇧*)" and "strong_reduction_simulation ((TRel⇧+)¯) Target" by blast hence "strong_reduction_simulation ((indRelRTPO TRel)¯) (STCal Source Target)" using SOSou_iff_inverse_of_indRelRTPO_is_strong_reduction_simulation[where TRel="TRel"] by simp moreover have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelRTPO TRel" by (simp add: indRelRTPO.encR) moreover have "∀S T. (SourceTerm S, TargetTerm T) ∈ indRelRTPO TRel ⟶ (TargetTerm (⟦S⟧), TargetTerm T) ∈ (indRelRTPO TRel)⇧=" using indRelRTPO_relates_source_target[where TRel="TRel"] by simp ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (TargetTerm (⟦S⟧), TargetTerm T) ∈ Rel⇧=) ∧ strong_reduction_simulation (Rel¯) (STCal Source Target)" by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (TargetTerm (⟦S⟧), TargetTerm T) ∈ Rel⇧=) ∧ strong_reduction_simulation (Rel¯) (STCal Source Target)" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "(∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (TargetTerm (⟦S⟧), TargetTerm T) ∈ Rel⇧=)" and A3: "strong_reduction_simulation (Rel¯) (STCal Source Target)" by blast from A2 obtain TRel where "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" and "∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" using target_relation_from_source_target_relation[where Rel="Rel"] by blast with A1 A3 have "strongly_operational_sound (TRel⇧*) ∧ strong_reduction_simulation ((TRel⇧+)¯) Target" using SOSou_iff_strong_reduction_simulation[where TRel="TRel"] by blast thus "∃TRel. strongly_operational_sound (TRel⇧*) ∧ strong_reduction_simulation ((TRel⇧+)¯) Target" by blast qed subsection ‹Weak Operational Correspondence vs Correspondence Similarity› text ‹If there exists a relation that relates at least all source terms and their literal translations, includes TRel, and is a correspondence simulation then the encoding is weakly operational corresponding w.r.t. TRel.› lemma (in encoding) weak_reduction_correspondence_simulation_impl_WOC: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and TRel :: "('procT × 'procT) set" assumes enc: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and tRel: "(∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*)" and cs: "weak_reduction_correspondence_simulation Rel (STCal Source Target)" shows "weakly_operational_corresponding (TRel⇧*)" proof from enc tRel cs show "operational_complete (TRel⇧*)" using weak_reduction_simulation_impl_OCom[where TRel="TRel"] by simp next show "weakly_operational_sound (TRel⇧*)" proof clarify fix S T from enc have "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by simp moreover assume "⟦S⟧ ⟼Target* T" hence "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* (TargetTerm T)" by (simp add: STCal_steps(2)) ultimately obtain P' Q' where A1: "SourceTerm S ⟼(STCal Source Target)* P'" and A2: "TargetTerm T ⟼(STCal Source Target)* Q'" and A3: "(P', Q') ∈ Rel" using cs by blast from A1 obtain S' where A4: "S' ∈S P'" and A5: "S ⟼Source* S'" by (auto simp add: STCal_steps(1)) from A2 obtain T' where A6: "T' ∈T Q'" and A7: "T ⟼Target* T'" by (auto simp: STCal_steps(2)) from tRel A3 A4 A6 have "(⟦S'⟧, T') ∈ TRel⇧*" by simp with A5 A7 show "∃S' T'. 
S ⟼Source* S' ∧ T ⟼Target* T' ∧ (⟦S'⟧, T') ∈ TRel⇧*" by blast qed qed text ‹An encoding is weakly operational corresponding w.r.t. a correspondence simulation on target terms TRel iff there exists a relation, like indRelRTPO, that relates at least all source terms and their literal translations, includes TRel, and is a correspondence simulation.› lemma (in encoding) WOC_iff_indRelRTPO_is_reduction_correspondence_simulation: fixes TRel :: "('procT × 'procT) set" shows "(weakly_operational_corresponding (TRel⇧*) ∧ weak_reduction_correspondence_simulation (TRel⇧+) Target) = weak_reduction_correspondence_simulation (indRelRTPO TRel) (STCal Source Target)" proof (rule iffI, erule conjE) assume woc: "weakly_operational_corresponding (TRel⇧*)" and csi: "weak_reduction_correspondence_simulation (TRel⇧+) Target" show "weak_reduction_correspondence_simulation (indRelRTPO TRel) (STCal Source Target)" proof from woc csi show sim: "weak_reduction_simulation (indRelRTPO TRel) (STCal Source Target)" using OCom_iff_indRelRTPO_is_weak_reduction_simulation[where TRel="TRel"] by simp show "∀P Q Q'. P ≲⟦⋅⟧RT<TRel> Q ∧ Q ⟼(STCal Source Target)* Q' ⟶ (∃P'' Q''. P ⟼(STCal Source Target)* P'' ∧ Q' ⟼(STCal Source Target)* Q'' ∧ P'' ≲⟦⋅⟧RT<TRel> Q'')" proof clarify fix P Q Q' assume "P ≲⟦⋅⟧RT<TRel> Q" and "Q ⟼(STCal Source Target)* Q'" thus "∃P'' Q''. 
P ⟼(STCal Source Target)* P'' ∧ Q' ⟼(STCal Source Target)* Q'' ∧ P'' ≲⟦⋅⟧RT<TRel> Q''" proof (induct arbitrary: Q') case (encR S) assume "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* Q'" from this obtain T where A1: "T ∈T Q'" and A2: "⟦S⟧ ⟼Target* T" by (auto simp add: STCal_steps(2)) from A2 woc obtain S' T' where A3: "S ⟼Source* S'" and A4: "T ⟼Target* T'" and A5: "(⟦S'⟧, T') ∈ TRel⇧*" by blast from A3 have "SourceTerm S ⟼(STCal Source Target)* (SourceTerm S')" by (simp add: STCal_steps(1)) moreover from A4 have "TargetTerm T ⟼(STCal Source Target)* (TargetTerm T')" by (simp add: STCal_steps(2)) moreover have "SourceTerm S' ≲⟦⋅⟧RT<TRel> TargetTerm T'" proof - have A6: "SourceTerm S' ≲⟦⋅⟧RT<TRel> TargetTerm (⟦S'⟧)" by (rule indRelRTPO.encR) from A5 have "⟦S'⟧ = T' ∨ (⟦S'⟧, T') ∈ TRel⇧+" using rtrancl_eq_or_trancl[of "⟦S'⟧" T' TRel] by blast moreover from A6 have "⟦S'⟧ = T' ⟹ SourceTerm S' ≲⟦⋅⟧RT<TRel> TargetTerm T'" by simp moreover have "(⟦S'⟧, T') ∈ TRel⇧+ ⟹ SourceTerm S' ≲⟦⋅⟧RT<TRel> TargetTerm T'" proof - assume "(⟦S'⟧, T') ∈ TRel⇧+" hence "TargetTerm (⟦S'⟧) ≲⟦⋅⟧RT<TRel> TargetTerm T'" by (simp add: transitive_closure_of_TRel_to_indRelRTPO[where TRel="TRel"]) with A6 show "SourceTerm S' ≲⟦⋅⟧RT<TRel> TargetTerm T'" by (rule indRelRTPO.trans) qed ultimately show "SourceTerm S' ≲⟦⋅⟧RT<TRel> TargetTerm T'" by blast qed ultimately show "∃P'' Q''. SourceTerm S ⟼(STCal Source Target)* P'' ∧ Q' ⟼(STCal Source Target)* Q'' ∧ P'' ≲⟦⋅⟧RT<TRel> Q''" using A1 by blast next case (source S) assume B1: "SourceTerm S ⟼(STCal Source Target)* Q'" moreover have "Q' ⟼(STCal Source Target)* Q'" by (rule steps_refl) moreover from B1 obtain S' where "S' ∈S Q'" by (auto simp add: STCal_steps(1)) hence "Q' ≲⟦⋅⟧RT<TRel> Q'" by (simp add: indRelRTPO.source) ultimately show "∃P'' Q''. 
SourceTerm S ⟼(STCal Source Target)* P'' ∧ Q' ⟼(STCal Source Target)* Q'' ∧ P'' ≲⟦⋅⟧RT<TRel> Q''" by blast next case (target T1 T2) assume "TargetTerm T2 ⟼(STCal Source Target)* Q'" from this obtain T2' where C1: "T2' ∈T Q'" and C2: "T2 ⟼Target* T2'" by (auto simp add: STCal_steps(2)) assume "(T1, T2) ∈ TRel" hence "(T1, T2) ∈ TRel⇧+" by simp with C2 csi obtain T1' T2'' where C3: "T1 ⟼Target* T1'" and C4: "T2' ⟼Target* T2''" and C5: "(T1', T2'') ∈ TRel⇧+" by blast from C3 have "TargetTerm T1 ⟼(STCal Source Target)* (TargetTerm T1')" by (simp add: STCal_steps(2)) moreover from C1 C4 have "Q' ⟼(STCal Source Target)* (TargetTerm T2'')" by (simp add: STCal_steps(2)) moreover from C5 have "TargetTerm T1' ≲⟦⋅⟧RT<TRel> (TargetTerm T2'')" by (simp add: transitive_closure_of_TRel_to_indRelRTPO) ultimately show "∃P'' Q''. TargetTerm T1 ⟼(STCal Source Target)* P'' ∧ Q' ⟼(STCal Source Target)* Q'' ∧ P'' ≲⟦⋅⟧RT<TRel> Q''" by blast next case (trans P Q R R') assume "R ⟼(STCal Source Target)* R'" and "⋀R'. R ⟼(STCal Source Target)* R' ⟹ ∃Q'' R''. Q ⟼(STCal Source Target)* Q'' ∧ R' ⟼(STCal Source Target)* R'' ∧ Q'' ≲⟦⋅⟧RT<TRel> R''" and "⋀Q'. Q ⟼(STCal Source Target)* Q' ⟹ ∃P'' Q''. P ⟼(STCal Source Target)* P'' ∧ Q' ⟼(STCal Source Target)* Q'' ∧ P'' ≲⟦⋅⟧RT<TRel> Q''" moreover have "trans (indRelRTPO TRel)" using indRelRTPO.trans unfolding trans_def by blast ultimately show ?case using sim reduction_correspondence_simulation_condition_trans[where P="P" and Rel="indRelRTPO TRel" and Cal="STCal Source Target" and Q="Q" and R="R"] by blast qed qed qed next assume csi: "weak_reduction_correspondence_simulation (indRelRTPO TRel) (STCal Source Target)" show "weakly_operational_corresponding (TRel⇧*) ∧ weak_reduction_correspondence_simulation (TRel⇧+) Target" proof have " ∀S. SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm (⟦S⟧)" by (simp add: indRelRTPO.encR) moreover have "∀S T. 
SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm T ⟶ (⟦S⟧, T) ∈ TRel⇧*" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond by simp ultimately show "weakly_operational_corresponding (TRel⇧*)" using weak_reduction_correspondence_simulation_impl_WOC[where Rel="indRelRTPO TRel" and TRel="TRel"] csi by simp next from csi show "weak_reduction_correspondence_simulation (TRel⇧+) Target" using indRelRTPO_impl_TRel_is_weak_reduction_correspondence_simulation[where TRel="TRel"] by simp qed qed lemma (in encoding) WOC_iff_reduction_correspondence_simulation: fixes TRel :: "('procT × 'procT) set" shows "(weakly_operational_corresponding (TRel⇧*) ∧ weak_reduction_correspondence_simulation (TRel⇧+) Target) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target))" proof (rule iffI, erule conjE) have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelRTPO TRel" by (simp add: indRelRTPO.encR) moreover have "∀T1 T2. (T1, T2) ∈ TRel ⟶ TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2" by (simp add: indRelRTPO.target) moreover have "∀T1 T2. TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2 ⟶ (T1, T2) ∈ TRel⇧+" using indRelRTPO_to_TRel(4)[where TRel="TRel"] by simp moreover have "∀S T. SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm T ⟶ (⟦S⟧, T) ∈ TRel⇧*" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond by simp moreover assume "weakly_operational_corresponding (TRel⇧*)" and "weak_reduction_correspondence_simulation (TRel⇧+) Target" hence "weak_reduction_correspondence_simulation (indRelRTPO TRel) (STCal Source Target)" using WOC_iff_indRelRTPO_is_reduction_correspondence_simulation[where TRel="TRel"] by simp ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. 
(T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target)" by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target)" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and A3: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" and A4: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" and A5: "weak_reduction_correspondence_simulation Rel (STCal Source Target)" by blast from A1 A4 A5 have "weakly_operational_corresponding (TRel⇧*)" using weak_reduction_correspondence_simulation_impl_WOC[where Rel="Rel" and TRel="TRel"] by simp moreover from A2 A3 A5 have "weak_reduction_correspondence_simulation (TRel⇧+) Target" using rel_with_target_impl_transC_TRel_is_weak_reduction_correspondence_simulation by simp ultimately show "weakly_operational_corresponding (TRel⇧*) ∧ weak_reduction_correspondence_simulation (TRel⇧+) Target" by simp qed text ‹If TRel is transitive, then Rel includes TRel and relates only target terms that are related by the transitive closure of TRel iff TRel is exactly the restriction of Rel to target terms.› lemma rel_includes_TRel_modulo_preorder: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and TRel :: "('procT × 'procT) set" assumes transT: "trans TRel" shows "((∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+)) = (TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel})" proof (rule iffI, erule conjE) assume "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and "∀T1 T2. 
(TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" with transT show "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" using trancl_id[of TRel] by blast next assume A: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" hence "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" by simp moreover from transT A have "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" using trancl_id[of TRel] by blast ultimately show "(∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+)" by simp qed text ‹An encoding is weakly operational corresponding w.r.t. a preorder TRel that is a correspondence simulation on target terms iff there exists a preorder Rel that relates at least all source terms and their literal translations, whose restriction to target terms is exactly TRel, that relates a source term S to a target term T only if ⟦S⟧ and T are related by TRel, and that is a correspondence simulation.› lemma (in encoding) WOC_wrt_preorder_iff_reduction_correspondence_simulation: fixes TRel :: "('procT × 'procT) set" shows "(weakly_operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_correspondence_simulation TRel Target) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target))" proof (rule iffI, erule conjE, erule conjE, erule conjE) assume A1: "operational_complete TRel" and A2: "weakly_operational_sound TRel" and A3:"preorder TRel" and A4: "weak_reduction_correspondence_simulation TRel Target" from A3 have A5: "TRel⇧+ = TRel" using trancl_id[of TRel] unfolding preorder_on_def by blast with A3 have "TRel⇧* = TRel" using trancl_id[of TRel] reflcl_trancl[of TRel] unfolding preorder_on_def refl_on_def by auto with A1 A2 have "weakly_operational_corresponding (TRel⇧*)" by simp moreover from A4 A5 have "weak_reduction_correspondence_simulation (TRel⇧+) Target" by simp ultimately have "weak_reduction_correspondence_simulation (indRelRTPO TRel) (STCal Source Target)" using WOC_iff_indRelRTPO_is_reduction_correspondence_simulation[where TRel="TRel"] by blast moreover have "∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelRTPO TRel" by (simp add: indRelRTPO.encR) moreover have "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ indRelRTPO TRel}" proof auto fix TP TQ assume "(TP, TQ) ∈ TRel" thus "TargetTerm TP ≲⟦⋅⟧RT<TRel> TargetTerm TQ" by (rule indRelRTPO.target) next fix TP TQ assume "TargetTerm TP ≲⟦⋅⟧RT<TRel> TargetTerm TQ" with A3 show "(TP, TQ) ∈ TRel" using indRelRTPO_to_TRel(4)[where TRel="TRel"] trancl_id[of TRel] unfolding preorder_on_def by blast qed moreover from A3 have "∀S T. (SourceTerm S, TargetTerm T) ∈ indRelRTPO TRel ⟶ (⟦S⟧, T) ∈ TRel⇧+" using indRelRTPO_to_TRel(2)[where TRel="TRel"] reflcl_trancl[of TRel] trans_closure_of_TRel_refl_cond[where TRel="TRel"] unfolding preorder_on_def refl_on_def by blast with A3 have "∀S T. (SourceTerm S, TargetTerm T) ∈ indRelRTPO TRel ⟶ (⟦S⟧, T) ∈ TRel" using trancl_id[of TRel] unfolding preorder_on_def by blast moreover from A3 have "refl (indRelRTPO TRel)" using indRelRTPO_refl[of TRel] unfolding preorder_on_def by simp moreover have "trans (indRelRTPO TRel)" using indRelRTPO.trans unfolding trans_def by blast ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target)" unfolding preorder_on_def by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target)" from this obtain Rel where B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and B2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and B3: "∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel" and B4: "preorder Rel" and B5: "weak_reduction_correspondence_simulation Rel (STCal Source Target)" by blast from B2 B4 have B6: "refl TRel" unfolding preorder_on_def refl_on_def by blast from B2 B4 have B7: "trans TRel" unfolding trans_def preorder_on_def by blast hence B8: "TRel⇧+ = TRel" using trancl_id[of TRel] by simp with B6 have "TRel⇧* = TRel" using reflcl_trancl[of TRel] unfolding refl_on_def by blast with B1 B3 B5 have "weakly_operational_corresponding TRel" using weak_reduction_correspondence_simulation_impl_WOC[where Rel="Rel" and TRel="TRel"] by simp moreover from B6 B7 have "preorder TRel" unfolding preorder_on_def by blast moreover from B2 B5 B7 B8 have "weak_reduction_correspondence_simulation TRel Target" using rel_includes_TRel_modulo_preorder[where Rel="Rel" and TRel="TRel"] rel_with_target_impl_transC_TRel_is_weak_reduction_correspondence_simulation[where Rel="Rel" and TRel="TRel"] by fast ultimately show "weakly_operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_correspondence_simulation TRel Target" by blast qed subsection ‹(Strong) Operational Correspondence vs (Strong) Bisimilarity› text ‹An encoding is operational corresponding w.r.t. a weak bisimulation on target terms TRel iff there exists a relation, like indRelRTPO, that relates at least all source terms and their literal translations, includes TRel, and is a weak bisimulation. 
Thus this variant of operational correspondence ensures that source terms and their translations are weakly bisimilar.› lemma (in encoding) OC_iff_indRelRTPO_is_weak_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" shows "(operational_corresponding (TRel⇧*) ∧ weak_reduction_bisimulation (TRel⇧+) Target) = weak_reduction_bisimulation (indRelRTPO TRel) (STCal Source Target)" proof (rule iffI, erule conjE) assume ocorr: "operational_corresponding (TRel⇧*)" and bisim: "weak_reduction_bisimulation (TRel⇧+) Target" hence "weak_reduction_simulation (indRelRTPO TRel) (STCal Source Target)" using OCom_iff_indRelRTPO_is_weak_reduction_simulation[where TRel="TRel"] by simp moreover from bisim have "weak_reduction_simulation ((TRel⇧+)¯) Target" using weak_reduction_bisimulations_impl_inverse_is_simulation[where Rel="TRel⇧+"] by simp with ocorr have "weak_reduction_simulation ((indRelRTPO TRel)¯) (STCal Source Target)" using OSou_iff_inverse_of_indRelRTPO_is_weak_reduction_simulation[where TRel="TRel"] by simp ultimately show "weak_reduction_bisimulation (indRelRTPO TRel) (STCal Source Target)" using weak_reduction_simulations_impl_bisimulation[where Rel="indRelRTPO TRel"] by simp next assume bisim: "weak_reduction_bisimulation (indRelRTPO TRel) (STCal Source Target)" hence "operational_complete (TRel⇧*) ∧ weak_reduction_simulation (TRel⇧+) Target" using OCom_iff_indRelRTPO_is_weak_reduction_simulation[where TRel="TRel"] by simp moreover from bisim have "weak_reduction_simulation ((indRelRTPO TRel)¯) (STCal Source Target)" using weak_reduction_bisimulations_impl_inverse_is_simulation[where Rel="indRelRTPO TRel"] by simp hence "operational_sound (TRel⇧*) ∧ weak_reduction_simulation ((TRel⇧+)¯) Target" using OSou_iff_inverse_of_indRelRTPO_is_weak_reduction_simulation[where TRel="TRel"] by simp ultimately show "operational_corresponding (TRel⇧*) ∧ weak_reduction_bisimulation (TRel⇧+) Target" using weak_reduction_simulations_impl_bisimulation[where Rel="TRel⇧+"] by simp 
qed lemma (in encoding) OC_iff_weak_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" shows "(operational_corresponding (TRel⇧*) ∧ weak_reduction_bisimulation (TRel⇧+) Target) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target))" proof (rule iffI, erule conjE) have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelRTPO TRel" by (simp add: indRelRTPO.encR) moreover have "∀T1 T2. (T1, T2) ∈ TRel ⟶ TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2" by (simp add: indRelRTPO.target) moreover have "∀T1 T2. TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2 ⟶ (T1, T2) ∈ TRel⇧+" using indRelRTPO_to_TRel(4)[where TRel="TRel"] by simp moreover have "∀S T. SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm T ⟶ (⟦S⟧, T) ∈ TRel⇧*" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond by simp moreover assume "operational_corresponding (TRel⇧*)" and "weak_reduction_bisimulation (TRel⇧+) Target" hence "weak_reduction_bisimulation (indRelRTPO TRel) (STCal Source Target)" using OC_iff_indRelRTPO_is_weak_reduction_bisimulation[where TRel="TRel"] by simp ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target)" by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target)" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and A3: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" and A4: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" and A5: "weak_reduction_bisimulation Rel (STCal Source Target)" by blast hence "operational_complete (TRel⇧*) ∧ weak_reduction_simulation (TRel⇧+) Target" using OCom_iff_weak_reduction_simulation[where TRel="TRel"] by blast moreover from A5 have "weak_reduction_simulation (Rel¯) (STCal Source Target)" using weak_reduction_bisimulations_impl_inverse_is_simulation[where Rel="Rel"] by simp with A1 A2 A3 A4 have "operational_sound (TRel⇧*) ∧ weak_reduction_simulation ((TRel⇧+)¯) Target" using OSou_iff_weak_reduction_simulation[where TRel="TRel"] by blast ultimately show "operational_corresponding (TRel⇧*) ∧ weak_reduction_bisimulation (TRel⇧+) Target" using weak_reduction_simulations_impl_bisimulation[where Rel="TRel⇧+"] by simp qed lemma (in encoding) OC_wrt_preorder_iff_weak_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" shows "(operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_bisimulation TRel Target) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ weak_reduction_bisimulation Rel (STCal Source Target))" proof (rule iffI, erule conjE, erule conjE, erule conjE) assume A1: "operational_complete TRel" and A2: "operational_sound TRel" and A3:"preorder TRel" and A4: "weak_reduction_bisimulation TRel Target" from A3 have A5: "TRel⇧+ = TRel" using trancl_id[of TRel] unfolding preorder_on_def by blast with A3 have "TRel⇧* = TRel" using reflcl_trancl[of TRel] unfolding preorder_on_def refl_on_def by blast with A1 A2 have "operational_corresponding (TRel⇧*)" by simp moreover from A4 A5 have "weak_reduction_bisimulation (TRel⇧+) Target" by simp ultimately have "weak_reduction_bisimulation (indRelRTPO TRel) (STCal Source Target)" using OC_iff_indRelRTPO_is_weak_reduction_bisimulation[where TRel="TRel"] by blast moreover have "∀S. SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm (⟦S⟧)" by (simp add: indRelRTPO.encR) moreover have "TRel = {(T1, T2). TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2}" proof auto fix TP TQ assume "(TP, TQ) ∈ TRel" thus "TargetTerm TP ≲⟦⋅⟧RT<TRel> TargetTerm TQ" by (rule indRelRTPO.target) next fix TP TQ assume "TargetTerm TP ≲⟦⋅⟧RT<TRel> TargetTerm TQ" with A3 show "(TP, TQ) ∈ TRel" using indRelRTPO_to_TRel(4)[where TRel="TRel"] trancl_id[of TRel] unfolding preorder_on_def by blast qed moreover from A3 have "∀S T. SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm T ⟶ (⟦S⟧, T) ∈ TRel⇧+" using indRelRTPO_to_TRel(2)[where TRel="TRel"] reflcl_trancl[of TRel] trans_closure_of_TRel_refl_cond[where TRel="TRel"] unfolding preorder_on_def refl_on_def by auto with A3 have "∀S T. SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm T ⟶ (⟦S⟧, T) ∈ TRel" using trancl_id[of TRel] unfolding preorder_on_def by blast moreover from A3 have "refl (indRelRTPO TRel)" unfolding preorder_on_def by (simp add: indRelRTPO_refl) moreover have "trans (indRelRTPO TRel)" using indRelRTPO.trans unfolding trans_def by blast ultimately show "∃Rel. (∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ weak_reduction_bisimulation Rel (STCal Source Target)" unfolding preorder_on_def by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ weak_reduction_bisimulation Rel (STCal Source Target)" from this obtain Rel where B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and B2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and B3: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel" and B4: "preorder Rel" and B5: "weak_reduction_bisimulation Rel (STCal Source Target)" by blast from B2 B4 have B6: "refl TRel" unfolding preorder_on_def refl_on_def by blast from B2 B4 have B7: "trans TRel" unfolding trans_def preorder_on_def by blast hence B8: "TRel⇧+ = TRel" using trancl_id[of TRel] by simp with B6 have B9: "TRel⇧* = TRel" using reflcl_trancl[of TRel] unfolding refl_on_def by blast with B3 have "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" by simp moreover from B2 B8 have "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" by auto ultimately have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target)" using B1 B5 by blast hence "operational_corresponding (TRel⇧*) ∧ weak_reduction_bisimulation (TRel⇧+) Target" using OC_iff_weak_reduction_bisimulation[where TRel="TRel"] by simp with B8 B9 have "operational_corresponding TRel ∧ weak_reduction_bisimulation TRel Target" by simp moreover from B6 B7 have "preorder TRel" unfolding preorder_on_def by blast ultimately show "operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_bisimulation TRel Target" by blast qed lemma (in encoding) OC_wrt_equivalence_iff_indRelTEQ_weak_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" assumes eqT: "equivalence TRel" shows "(operational_corresponding TRel ∧ weak_reduction_bisimulation TRel Target) ⟷ weak_reduction_bisimulation (indRelTEQ TRel) (STCal Source Target)" proof (rule iffI, erule conjE) assume oc: "operational_corresponding TRel" and bisimT: "weak_reduction_bisimulation TRel Target" show "weak_reduction_bisimulation (indRelTEQ TRel) (STCal Source Target)" proof auto fix P Q P' assume "P ∼⟦⋅⟧T<TRel> Q" and "P ⟼(STCal Source Target)* P'" thus "∃Q'. Q ⟼(STCal Source Target)* Q' ∧ P' ∼⟦⋅⟧T<TRel> Q'" proof (induct arbitrary: P') case (encR S) assume "SourceTerm S ⟼(STCal Source Target)* P'" from this obtain S' where A1: "S ⟼Source* S'" and A2: "S' ∈S P'" by (auto simp add: STCal_steps(1)) from A1 oc obtain T where A3: "⟦S⟧ ⟼Target* T" and A4: "(⟦S'⟧, T) ∈ TRel" by blast from A3 have "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* (TargetTerm T)" by (simp add: STCal_steps(2)) moreover have "P' ∼⟦⋅⟧T<TRel> TargetTerm T" proof - from A2 have "P' ∼⟦⋅⟧T<TRel> TargetTerm (⟦S'⟧)" by (simp add: indRelTEQ.encR) moreover from A4 have "TargetTerm (⟦S'⟧) ∼⟦⋅⟧T<TRel> TargetTerm T" by (rule indRelTEQ.target) ultimately show "P' ∼⟦⋅⟧T<TRel> TargetTerm T" by (rule indRelTEQ.trans) qed ultimately show "∃Q'. 
TargetTerm (⟦S⟧) ⟼(STCal Source Target)* Q' ∧ P' ∼⟦⋅⟧T<TRel> Q'" by blast next case (encL S) assume "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* P'" from this obtain T where B1: "⟦S⟧ ⟼Target* T" and B2: "T ∈T P'" by (auto simp add: STCal_steps(2)) from B1 oc obtain S' where B3: "S ⟼Source* S'" and B4: "(⟦S'⟧, T) ∈ TRel" by blast from B3 have "SourceTerm S ⟼(STCal Source Target)* (SourceTerm S')" by (simp add: STCal_steps(1)) moreover have "P' ∼⟦⋅⟧T<TRel> SourceTerm S'" proof - from B4 eqT have "(T, ⟦S'⟧) ∈ TRel" unfolding equiv_def sym_def by blast with B2 have "P' ∼⟦⋅⟧T<TRel> TargetTerm (⟦S'⟧)" by (simp add: indRelTEQ.target) moreover have "TargetTerm (⟦S'⟧) ∼⟦⋅⟧T<TRel> SourceTerm S'" by (rule indRelTEQ.encL) ultimately show "P' ∼⟦⋅⟧T<TRel> SourceTerm S'" by (rule indRelTEQ.trans) qed ultimately show "∃Q'. SourceTerm S ⟼(STCal Source Target)* Q' ∧ P' ∼⟦⋅⟧T<TRel> Q'" by blast next case (target T1 T2) assume "TargetTerm T1 ⟼(STCal Source Target)* P'" from this obtain T1' where C1: "T1 ⟼Target* T1'" and C2: "T1' ∈T P'" by (auto simp add: STCal_steps(2)) assume "(T1, T2) ∈ TRel" with C1 bisimT obtain T2' where C3: "T2 ⟼Target* T2'" and C4: "(T1', T2') ∈ TRel" by blast from C3 have "TargetTerm T2 ⟼(STCal Source Target)* (TargetTerm T2')" by (simp add: STCal_steps(2)) moreover from C2 C4 have "P' ∼⟦⋅⟧T<TRel> TargetTerm T2'" by (simp add: indRelTEQ.target) ultimately show "∃Q'. TargetTerm T2 ⟼(STCal Source Target)* Q' ∧ P' ∼⟦⋅⟧T<TRel> Q'" by blast next case (trans P Q R) assume "P ⟼(STCal Source Target)* P'" and "⋀P'. P ⟼(STCal Source Target)* P' ⟹ ∃Q'. Q ⟼(STCal Source Target)* Q' ∧ P' ∼⟦⋅⟧T<TRel> Q'" from this obtain Q' where D1: "Q ⟼(STCal Source Target)* Q'" and D2: "P' ∼⟦⋅⟧T<TRel> Q'" by blast assume "⋀Q'. Q ⟼(STCal Source Target)* Q' ⟹ ∃R'. R ⟼(STCal Source Target)* R' ∧ Q' ∼⟦⋅⟧T<TRel> R'" with D1 obtain R' where D3: "R ⟼(STCal Source Target)* R'" and D4: "Q' ∼⟦⋅⟧T<TRel> R'" by blast from D2 D4 have "P' ∼⟦⋅⟧T<TRel> R'" by (rule indRelTEQ.trans) with D3 show "∃R'. 
R ⟼(STCal Source Target)* R' ∧ P' ∼⟦⋅⟧T<TRel> R'" by blast qed next fix P Q Q' assume "P ∼⟦⋅⟧T<TRel> Q" and "Q ⟼(STCal Source Target)* Q'" thus "∃P'. P ⟼(STCal Source Target)* P' ∧ P' ∼⟦⋅⟧T<TRel> Q'" proof (induct arbitrary: Q') case (encR S) assume "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* Q'" from this obtain T where E1: "⟦S⟧ ⟼Target* T" and E2: "T ∈T Q'" by (auto simp add: STCal_steps(2)) from E1 oc obtain S' where E3: "S ⟼Source* S'" and E4: "(⟦S'⟧, T) ∈ TRel" by blast from E3 have "SourceTerm S ⟼(STCal Source Target)* (SourceTerm S')" by (simp add: STCal_steps(1)) moreover have "SourceTerm S' ∼⟦⋅⟧T<TRel> Q'" proof - have "SourceTerm S' ∼⟦⋅⟧T<TRel> TargetTerm (⟦S'⟧)" by (rule indRelTEQ.encR) moreover from E2 E4 have "TargetTerm (⟦S'⟧) ∼⟦⋅⟧T<TRel> Q'" by (simp add: indRelTEQ.target) ultimately show "SourceTerm S' ∼⟦⋅⟧T<TRel> Q'" by (rule indRelTEQ.trans) qed ultimately show "∃P'. SourceTerm S ⟼(STCal Source Target)* P' ∧ P' ∼⟦⋅⟧T<TRel> Q'" by blast next case (encL S) assume "SourceTerm S ⟼(STCal Source Target)* Q'" from this obtain S' where F1: "S ⟼Source* S'" and F2: "S' ∈S Q'" by (auto simp add: STCal_steps(1)) from F1 oc obtain T where F3: "⟦S⟧ ⟼Target* T" and F4: "(⟦S'⟧, T) ∈ TRel" by blast from F3 have "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* (TargetTerm T)" by (simp add: STCal_steps(2)) moreover have "TargetTerm T ∼⟦⋅⟧T<TRel> Q'" proof - from F4 eqT have "(T, ⟦S'⟧) ∈ TRel" unfolding equiv_def sym_def by blast hence "TargetTerm T ∼⟦⋅⟧T<TRel> TargetTerm (⟦S'⟧)" by (rule indRelTEQ.target) moreover from F2 have "TargetTerm (⟦S'⟧) ∼⟦⋅⟧T<TRel> Q'" by (simp add: indRelTEQ.encL) ultimately show "TargetTerm T ∼⟦⋅⟧T<TRel> Q'" by (rule indRelTEQ.trans) qed ultimately show "∃P'. 
TargetTerm (⟦S⟧) ⟼(STCal Source Target)* P' ∧ P' ∼⟦⋅⟧T<TRel> Q'" by blast next case (target T1 T2) assume "TargetTerm T2 ⟼(STCal Source Target)* Q'" from this obtain T2' where G1: "T2 ⟼Target* T2'" and G2: "T2' ∈T Q'" by (auto simp add: STCal_steps(2)) assume "(T1, T2) ∈ TRel" with G1 bisimT obtain T1' where G3: "T1 ⟼Target* T1'" and G4: "(T1', T2') ∈ TRel" by blast from G3 have "TargetTerm T1 ⟼(STCal Source Target)* (TargetTerm T1')" by (simp add: STCal_steps(2)) moreover from G2 G4 have "TargetTerm T1' ∼⟦⋅⟧T<TRel> Q'" by (simp add: indRelTEQ.target) ultimately show "∃P'. TargetTerm T1 ⟼(STCal Source Target)* P' ∧ P' ∼⟦⋅⟧T<TRel> Q'" by blast next case (trans P Q R R') assume "R ⟼(STCal Source Target)* R'" and "⋀R'. R ⟼(STCal Source Target)* R' ⟹ ∃Q'. Q ⟼(STCal Source Target)* Q' ∧ Q' ∼⟦⋅⟧T<TRel> R'" from this obtain Q' where H1: "Q ⟼(STCal Source Target)* Q'" and H2: "Q' ∼⟦⋅⟧T<TRel> R'" by blast assume "⋀Q'. Q ⟼(STCal Source Target)* Q' ⟹ ∃P'. P ⟼(STCal Source Target)* P' ∧ P' ∼⟦⋅⟧T<TRel> Q'" with H1 obtain P' where H3: "P ⟼(STCal Source Target)* P'" and H4: "P' ∼⟦⋅⟧T<TRel> Q'" by blast from H4 H2 have "P' ∼⟦⋅⟧T<TRel> R'" by (rule indRelTEQ.trans) with H3 show "∃P'. 
P ⟼(STCal Source Target)* P' ∧ P' ∼⟦⋅⟧T<TRel> R'" by blast qed qed next assume bisim: "weak_reduction_bisimulation (indRelTEQ TRel) (STCal Source Target)" have "operational_corresponding TRel" proof auto fix S S' have "SourceTerm S ∼⟦⋅⟧T<TRel> TargetTerm (⟦S⟧)" by (rule indRelTEQ.encR) moreover assume "S ⟼Source* S'" hence "SourceTerm S ⟼(STCal Source Target)* (SourceTerm S')" by (simp add: STCal_steps(1)) ultimately obtain Q' where I1: "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* Q'" and I2: "SourceTerm S' ∼⟦⋅⟧T<TRel> Q'" using bisim by blast from I1 obtain T where I3: "⟦S⟧ ⟼Target* T" and I4: "T ∈T Q'" by (auto simp add: STCal_steps(2)) from eqT have "TRel⇧* = TRel" using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding equiv_def refl_on_def by auto with I2 I4 have "(⟦S'⟧, T) ∈ TRel" using indRelTEQ_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by simp with I3 show "∃T. ⟦S⟧ ⟼Target* T ∧ (⟦S'⟧, T) ∈ TRel" by blast next fix S T have "SourceTerm S ∼⟦⋅⟧T<TRel> TargetTerm (⟦S⟧)" by (rule indRelTEQ.encR) moreover assume "⟦S⟧ ⟼Target* T" hence "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* (TargetTerm T)" by (simp add: STCal_steps(2)) ultimately obtain Q' where J1: "SourceTerm S ⟼(STCal Source Target)* Q'" and J2: "Q' ∼⟦⋅⟧T<TRel> TargetTerm T" using bisim by blast from J1 obtain S' where J3: "S ⟼Source* S'" and J4: "S' ∈S Q'" by (auto simp add: STCal_steps(1)) from eqT have "TRel⇧* = TRel" using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding equiv_def refl_on_def by auto with J2 J4 have "(⟦S'⟧, T) ∈ TRel" using indRelTEQ_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by blast with J3 show "∃S'. 
S ⟼Source* S' ∧ (⟦S'⟧, T) ∈ TRel" by blast qed moreover have "weak_reduction_bisimulation TRel Target" proof - from eqT have "TRel⇧* = TRel" using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding equiv_def refl_on_def by auto with bisim show "weak_reduction_bisimulation TRel Target" using indRelTEQ_impl_TRel_is_weak_reduction_bisimulation[where TRel="TRel"] by simp qed ultimately show "operational_corresponding TRel ∧ weak_reduction_bisimulation TRel Target" by simp qed lemma (in encoding) OC_wrt_equivalence_iff_weak_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" assumes eqT: "equivalence TRel" shows "(operational_corresponding TRel ∧ weak_reduction_bisimulation TRel Target) ⟷ (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans Rel ∧ weak_reduction_bisimulation Rel (STCal Source Target))" proof (rule iffI, erule conjE) assume oc: "operational_corresponding TRel" and bisimT: "weak_reduction_bisimulation TRel Target" from eqT have rt: "TRel⇧* = TRel" using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding equiv_def refl_on_def by auto have "∀S. SourceTerm S ∼⟦⋅⟧T<TRel> TargetTerm (⟦S⟧) ∧ TargetTerm (⟦S⟧) ∼⟦⋅⟧T<TRel> SourceTerm S" by (simp add: indRelTEQ.encR indRelTEQ.encL) moreover from rt have "TRel = {(T1, T2). TargetTerm T1 ∼⟦⋅⟧T<TRel> TargetTerm T2}" using indRelTEQ_to_TRel(4)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by (auto simp add: indRelTEQ.target) moreover have "trans (indRelTEQ TRel)" using indRelTEQ.trans[where TRel="TRel"] unfolding trans_def by blast moreover from eqT oc bisimT have "weak_reduction_bisimulation (indRelTEQ TRel) (STCal Source Target)" using OC_wrt_equivalence_iff_indRelTEQ_weak_reduction_bisimulation[where TRel="TRel"] by blast ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ TRel = {(T1, T2). 
(TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans Rel ∧ weak_reduction_bisimulation Rel (STCal Source Target)" by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans Rel ∧ weak_reduction_bisimulation Rel (STCal Source Target)" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" and A2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and A3: "trans Rel" and A4: "weak_reduction_bisimulation Rel (STCal Source Target)" by blast have "operational_corresponding TRel" proof auto fix S S' from A1 have "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by simp moreover assume "S ⟼Source* S'" hence "SourceTerm S ⟼(STCal Source Target)* (SourceTerm S')" by (simp add: STCal_steps(1)) ultimately obtain Q' where B1: "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* Q'" and B2: "(SourceTerm S', Q') ∈ Rel" using A4 by blast from B1 obtain T where B3: "⟦S⟧ ⟼Target* T" and B4: "T ∈T Q'" by (auto simp add: STCal_steps(2)) from A1 have "(TargetTerm (⟦S'⟧), SourceTerm S') ∈ Rel" by simp with B2 A3 have "(TargetTerm (⟦S'⟧), Q') ∈ Rel" unfolding trans_def by blast with B4 A2 have "(⟦S'⟧, T) ∈ TRel" by simp with B3 show "∃T. ⟦S⟧ ⟼Target* T ∧ (⟦S'⟧, T) ∈ TRel" by blast next fix S T from A1 have "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by simp moreover assume "⟦S⟧ ⟼Target* T" hence "TargetTerm (⟦S⟧) ⟼(STCal Source Target)* (TargetTerm T)" by (simp add: STCal_steps(2)) ultimately obtain P' where C1: "SourceTerm S ⟼(STCal Source Target)* P'" and C2: "(P', TargetTerm T) ∈ Rel" using A4 by blast from C1 obtain S' where C3: "S ⟼Source* S'" and C4: "S' ∈S P'" by (auto simp add: STCal_steps(1)) from A1 C4 have "(TargetTerm (⟦S'⟧), P') ∈ Rel" by simp from A3 this C2 have "(TargetTerm (⟦S'⟧), TargetTerm T) ∈ Rel" unfolding trans_def by blast with A2 have "(⟦S'⟧, T) ∈ TRel" by simp with C3 show "∃S'. 
S ⟼Source* S' ∧ (⟦S'⟧, T) ∈ TRel"
      by blast
  qed
  (* Second conjunct: TRel is a weak reduction bisimulation on Target. Each case lifts the
     TRel pair into Rel via A2, lets the bisimulation A4 answer the step in
     STCal Source Target, and projects the answer back to Target with STCal_steps(2). *)
  moreover have "weak_reduction_bisimulation TRel Target"
  proof auto
    (* A step sequence of the left term is answered by the right term. *)
    fix TP TQ TP'
    assume "(TP, TQ) ∈ TRel"
    with A2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel"
      by simp
    moreover assume "TP ⟼Target* TP'"
    hence "TargetTerm TP ⟼(STCal Source Target)* (TargetTerm TP')"
      by (simp add: STCal_steps(2))
    ultimately obtain Q' where D1: "TargetTerm TQ ⟼(STCal Source Target)* Q'"
                           and D2: "(TargetTerm TP', Q') ∈ Rel"
      using A4
      by blast
    from D1 obtain TQ' where D3: "TQ ⟼Target* TQ'" and D4: "TQ' ∈T Q'"
      by (auto simp add: STCal_steps(2))
    from A2 D2 D4 have "(TP', TQ') ∈ TRel"
      by simp
    with D3 show "∃TQ'. TQ ⟼Target* TQ' ∧ (TP', TQ') ∈ TRel"
      by blast
  next
    (* A step sequence of the right term is answered by the left term. *)
    fix TP TQ TQ'
    assume "(TP, TQ) ∈ TRel"
    with A2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel"
      by simp
    moreover assume "TQ ⟼Target* TQ'"
    hence "TargetTerm TQ ⟼(STCal Source Target)* (TargetTerm TQ')"
      by (simp add: STCal_steps(2))
    ultimately obtain P' where E1: "TargetTerm TP ⟼(STCal Source Target)* P'"
                           and E2: "(P', TargetTerm TQ') ∈ Rel"
      using A4
      by blast
    from E1 obtain TP' where E3: "TP ⟼Target* TP'" and E4: "TP' ∈T P'"
      by (auto simp add: STCal_steps(2))
    from A2 E2 E4 have "(TP', TQ') ∈ TRel"
      by simp
    with E3 show "∃TP'. TP ⟼Target* TP' ∧ (TP', TQ') ∈ TRel"
      by blast
  qed
  ultimately show "operational_corresponding TRel ∧ weak_reduction_bisimulation TRel Target"
    by simp
qed

text ‹An encoding is strongly operational corresponding w.r.t. a strong bisimulation on target terms TRel iff there exists a relation, like indRelRTPO, that relates at least all source terms and their literal translations, includes TRel, and is a strong bisimulation.
Thus this variant of operational correspondence ensures that source terms and their translations are strongly bisimilar.›

(* Strong counterpart of OC_iff_indRelRTPO_is_weak_reduction_bisimulation: the statement and
   the proof have the same shape, with the strong notions of correspondence, simulation and
   bisimulation and the SOCom_... / SOSou_... lemmas in place of the weak ones. *)
lemma (in encoding) SOC_iff_indRelRTPO_is_strong_reduction_bisimulation:
  fixes TRel :: "('procT × 'procT) set"
  shows "(strongly_operational_corresponding (TRel⇧*)
          ∧ strong_reduction_bisimulation (TRel⇧+) Target)
         = strong_reduction_bisimulation (indRelRTPO TRel) (STCal Source Target)"
proof (rule iffI, erule conjE)
  (* Left to right: build the bisimulation from a simulation and a simulation of the inverse. *)
  assume ocorr: "strongly_operational_corresponding (TRel⇧*)"
     and bisim: "strong_reduction_bisimulation (TRel⇧+) Target"
  hence "strong_reduction_simulation (indRelRTPO TRel) (STCal Source Target)"
    using SOCom_iff_indRelRTPO_is_strong_reduction_simulation[where TRel="TRel"]
    by simp
  moreover from bisim have "strong_reduction_simulation ((TRel⇧+)¯) Target"
    using strong_reduction_bisimulations_impl_inverse_is_simulation[where Rel="TRel⇧+"]
    by simp
  with ocorr have "strong_reduction_simulation ((indRelRTPO TRel)¯) (STCal Source Target)"
    using SOSou_iff_inverse_of_indRelRTPO_is_strong_reduction_simulation[where TRel="TRel"]
    by simp
  ultimately show "strong_reduction_bisimulation (indRelRTPO TRel) (STCal Source Target)"
    using strong_reduction_simulations_impl_bisimulation[where Rel="indRelRTPO TRel"]
    by simp
next
  (* Right to left: split the bisimulation into its two simulations and read off
     completeness and soundness from them. *)
  assume bisim: "strong_reduction_bisimulation (indRelRTPO TRel) (STCal Source Target)"
  hence "strongly_operational_complete (TRel⇧*) ∧ strong_reduction_simulation (TRel⇧+) Target"
    using SOCom_iff_indRelRTPO_is_strong_reduction_simulation[where TRel="TRel"]
    by simp
  moreover from bisim
  have "strong_reduction_simulation ((indRelRTPO TRel)¯) (STCal Source Target)"
    using strong_reduction_bisimulations_impl_inverse_is_simulation[where Rel="indRelRTPO TRel"]
    by simp
  hence "strongly_operational_sound (TRel⇧*) ∧ strong_reduction_simulation ((TRel⇧+)¯) Target"
    using SOSou_iff_inverse_of_indRelRTPO_is_strong_reduction_simulation[where TRel="TRel"]
    by simp
  ultimately show "strongly_operational_corresponding (TRel⇧*) ∧ strong_reduction_bisimulation (TRel⇧+) Target"
    using strong_reduction_simulations_impl_bisimulation[where Rel="TRel⇧+"]
    by simp
qed

(* Same left-hand side as the previous lemma, with the right-hand side stated for some
   relation Rel instead of indRelRTPO TRel: Rel relates every source term to its translation,
   contains TRel lifted to target terms, relates target terms only within the transitive
   closure of TRel, relates a source term to a target term only if the translation and that
   target term are in the reflexive-transitive closure of TRel, and is a strong reduction
   bisimulation on STCal Source Target. *)
lemma (in encoding) SOC_iff_strong_reduction_bisimulation:
  fixes TRel :: "('procT × 'procT) set"
  shows "(strongly_operational_corresponding (TRel⇧*)
          ∧ strong_reduction_bisimulation (TRel⇧+) Target)
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel)
            ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+)
            ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*)
            ∧ strong_reduction_bisimulation Rel (STCal Source Target))"
proof (rule iffI, erule conjE)
  (* Left to right: indRelRTPO TRel is the witness. The first four facts are the side
     conditions on the witness; the bisimulation itself comes from the previous lemma. *)
  have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelRTPO TRel"
    by (simp add: indRelRTPO.encR)
  moreover have "∀T1 T2. (T1, T2) ∈ TRel ⟶ TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2"
    by (simp add: indRelRTPO.target)
  moreover have "∀T1 T2. TargetTerm T1 ≲⟦⋅⟧RT<TRel> TargetTerm T2 ⟶ (T1, T2) ∈ TRel⇧+"
    using indRelRTPO_to_TRel(4)[where TRel="TRel"]
    by simp
  moreover have "∀S T. SourceTerm S ≲⟦⋅⟧RT<TRel> TargetTerm T ⟶ (⟦S⟧, T) ∈ TRel⇧*"
    using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond
    by simp
  moreover assume "strongly_operational_corresponding (TRel⇧*)"
              and "strong_reduction_bisimulation (TRel⇧+) Target"
  hence "strong_reduction_bisimulation (indRelRTPO TRel) (STCal Source Target)"
    using SOC_iff_indRelRTPO_is_strong_reduction_bisimulation[where TRel="TRel"]
    by simp
  ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
                   ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel)
                   ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+)
                   ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*)
                   ∧ strong_reduction_bisimulation Rel (STCal Source Target)"
    by blast
next
  (* Right to left: take an arbitrary witness Rel. Completeness follows from Rel being a
     simulation, soundness from the inverse of Rel being a simulation. *)
  assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
          ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel)
          ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+)
          ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*)
          ∧ strong_reduction_bisimulation Rel (STCal Source Target)"
  from this obtain Rel
    where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel"
      and A2: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel"
      and A3: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+"
      and A4: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*"
      and A5: "strong_reduction_bisimulation Rel (STCal Source Target)"
    by blast
  hence "strongly_operational_complete (TRel⇧*) ∧ strong_reduction_simulation (TRel⇧+) Target"
    using SOCom_iff_strong_reduction_simulation[where TRel="TRel"]
    by blast
  moreover from A5 have "strong_reduction_simulation (Rel¯) (STCal Source Target)"
    using strong_reduction_bisimulations_impl_inverse_is_simulation[where Rel="Rel"]
    by simp
  with A1 A2 A3 A4
  have "strongly_operational_sound (TRel⇧*) ∧ strong_reduction_simulation ((TRel⇧+)¯) Target"
    using SOSou_iff_strong_reduction_simulation[where TRel="TRel"]
    by blast
  ultimately show "strongly_operational_corresponding (TRel⇧*) ∧ strong_reduction_bisimulation (TRel⇧+) Target"
    using strong_reduction_simulations_impl_bisimulation[where Rel="TRel⇧+"]
    by simp
qed

(* Variant in which TRel is additionally required to be a preorder; TRel is then used
   directly, without closures. The statement and its proof continue below. *)
lemma (in encoding) SOC_wrt_preorder_iff_strong_reduction_bisimulation:
  fixes TRel :: "('procT × 'procT) set"
  shows "(strongly_operational_corresponding TRel ∧ preorder TRel
          ∧ strong_reduction_bisimulation TRel Target)
         = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)
            ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}
            ∧ (∀S T.
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ strong_reduction_bisimulation Rel (STCal Source Target))" proof (rule iffI, erule conjE, erule conjE, erule conjE) assume A1: "strongly_operational_complete TRel" and A2: "strongly_operational_sound TRel" and A3:"preorder TRel" and A4: "strong_reduction_bisimulation TRel Target" from A3 have A5: "TRel⇧+ = TRel" using trancl_id[of TRel] unfolding preorder_on_def by blast with A3 have "TRel⇧* = TRel" using reflcl_trancl[of TRel] unfolding preorder_on_def refl_on_def by blast with A1 A2 have "strongly_operational_corresponding (TRel⇧*)" by simp moreover from A4 A5 have "strong_reduction_bisimulation (TRel⇧+) Target" by simp ultimately have "strong_reduction_bisimulation (indRelRTPO TRel) (STCal Source Target)" using SOC_iff_indRelRTPO_is_strong_reduction_bisimulation[where TRel="TRel"] by blast moreover have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelRTPO TRel" by (simp add: indRelRTPO.encR) moreover have "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ indRelRTPO TRel}" proof auto fix TP TQ assume "(TP, TQ) ∈ TRel" thus "TargetTerm TP ≲⟦⋅⟧RT<TRel> TargetTerm TQ" by (rule indRelRTPO.target) next fix TP TQ assume "TargetTerm TP ≲⟦⋅⟧RT<TRel> TargetTerm TQ" with A3 show "(TP, TQ) ∈ TRel" using indRelRTPO_to_TRel(4)[where TRel="TRel"] trancl_id[of TRel] unfolding preorder_on_def by blast qed moreover from A3 have "∀S T. (SourceTerm S, TargetTerm T) ∈ indRelRTPO TRel ⟶ (⟦S⟧, T) ∈ TRel⇧+" using indRelRTPO_to_TRel(2)[where TRel="TRel"] reflcl_trancl[of TRel] trans_closure_of_TRel_refl_cond[where TRel="TRel"] unfolding preorder_on_def refl_on_def by blast with A3 have "∀S T. 
(SourceTerm S, TargetTerm T) ∈ indRelRTPO TRel ⟶ (⟦S⟧, T) ∈ TRel" using trancl_id[of TRel] unfolding preorder_on_def by blast moreover from A3 have "refl (indRelRTPO TRel)" unfolding preorder_on_def by (simp add: indRelRTPO_refl) moreover have "trans (indRelRTPO TRel)" using indRelRTPO.trans unfolding trans_def by blast ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ strong_reduction_bisimulation Rel (STCal Source Target)" unfolding preorder_on_def by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ strong_reduction_bisimulation Rel (STCal Source Target)" from this obtain Rel where B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and B2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and B3: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel" and B4: "preorder Rel" and B5: "strong_reduction_bisimulation Rel (STCal Source Target)" by blast from B2 B4 have B6: "refl TRel" unfolding preorder_on_def refl_on_def by blast from B2 B4 have B7: "trans TRel" unfolding trans_def preorder_on_def by blast hence B8: "TRel⇧+ = TRel" by (rule trancl_id) with B6 have B9: "TRel⇧* = TRel" using reflcl_trancl[of TRel] unfolding refl_on_def by blast with B3 have "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" by simp moreover from B2 B8 have "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" by auto ultimately have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ strong_reduction_bisimulation Rel (STCal Source Target)" using B1 B5 by blast hence "strongly_operational_corresponding (TRel⇧*) ∧ strong_reduction_bisimulation (TRel⇧+) Target" using SOC_iff_strong_reduction_bisimulation[where TRel="TRel"] by simp with B8 B9 have "strongly_operational_corresponding TRel ∧ strong_reduction_bisimulation TRel Target" by simp moreover from B6 B7 have "preorder TRel" unfolding preorder_on_def by blast ultimately show "strongly_operational_corresponding TRel ∧ preorder TRel ∧ strong_reduction_bisimulation TRel Target" by blast qed lemma (in encoding) SOC_wrt_TRel_iff_strong_reduction_bisimulation: shows "(∃TRel. strongly_operational_corresponding (TRel⇧*) ∧ strong_reduction_bisimulation (TRel⇧+) Target) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (TargetTerm (⟦S⟧), TargetTerm T) ∈ Rel⇧=) ∧ strong_reduction_bisimulation Rel (STCal Source Target))" proof (rule iffI) assume "∃TRel. strongly_operational_corresponding (TRel⇧*) ∧ strong_reduction_bisimulation (TRel⇧+) Target" from this obtain TRel where "strongly_operational_corresponding (TRel⇧*)" and "strong_reduction_bisimulation (TRel⇧+) Target" by blast hence "strong_reduction_bisimulation (indRelRTPO TRel) (STCal Source Target)" using SOC_iff_indRelRTPO_is_strong_reduction_bisimulation[where TRel="TRel"] by simp moreover have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelRTPO TRel" by (simp add: indRelRTPO.encR) moreover have "∀S T. (SourceTerm S, TargetTerm T) ∈ (indRelRTPO TRel) ⟶ (TargetTerm (⟦S⟧), TargetTerm T) ∈ (indRelRTPO TRel)⇧=" using indRelRTPO_relates_source_target[where TRel="TRel"] by simp ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (TargetTerm (⟦S⟧), TargetTerm T) ∈ Rel⇧=) ∧ strong_reduction_bisimulation Rel (STCal Source Target)" by blast next assume "∃Rel. (∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (TargetTerm (⟦S⟧), TargetTerm T) ∈ Rel⇧=) ∧ strong_reduction_bisimulation Rel (STCal Source Target)" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (TargetTerm (⟦S⟧), TargetTerm T) ∈ Rel⇧=" and A3: "strong_reduction_bisimulation Rel (STCal Source Target)" by blast from A2 obtain TRel where "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" and "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" using target_relation_from_source_target_relation[where Rel="Rel"] by blast with A1 A3 have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ strong_reduction_bisimulation Rel (STCal Source Target)" by blast hence "strongly_operational_corresponding (TRel⇧*) ∧ strong_reduction_bisimulation (TRel⇧+) Target" using SOC_iff_strong_reduction_bisimulation[where TRel="TRel"] by simp thus "∃TRel. strongly_operational_corresponding (TRel⇧*) ∧ strong_reduction_bisimulation (TRel⇧+) Target" by blast qed lemma (in encoding) SOC_wrt_equivalence_iff_indRelTEQ_strong_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" assumes eqT: "equivalence TRel" shows "(strongly_operational_corresponding TRel ∧ strong_reduction_bisimulation TRel Target) ⟷ strong_reduction_bisimulation (indRelTEQ TRel) (STCal Source Target)" proof (rule iffI, erule conjE) assume oc: "strongly_operational_corresponding TRel" and bisimT: "strong_reduction_bisimulation TRel Target" show "strong_reduction_bisimulation (indRelTEQ TRel) (STCal Source Target)" proof auto fix P Q P' assume "P ∼⟦⋅⟧T<TRel> Q" and "P ⟼(STCal Source Target) P'" thus "∃Q'. 
Q ⟼(STCal Source Target) Q' ∧ P' ∼⟦⋅⟧T<TRel> Q'" proof (induct arbitrary: P') case (encR S) assume "SourceTerm S ⟼(STCal Source Target) P'" from this obtain S' where A1: "S ⟼Source S'" and A2: "S' ∈S P'" by (auto simp add: STCal_step(1)) from A1 oc obtain T where A3: "⟦S⟧ ⟼Target T" and A4: "(⟦S'⟧, T) ∈ TRel" by blast from A3 have "TargetTerm (⟦S⟧) ⟼(STCal Source Target) (TargetTerm T)" by (simp add: STCal_step(2)) moreover have "P' ∼⟦⋅⟧T<TRel> TargetTerm T" proof - from A2 have "P' ∼⟦⋅⟧T<TRel> TargetTerm (⟦S'⟧)" by (simp add: indRelTEQ.encR) moreover from A4 have "TargetTerm (⟦S'⟧) ∼⟦⋅⟧T<TRel> TargetTerm T" by (rule indRelTEQ.target) ultimately show "P' ∼⟦⋅⟧T<TRel> TargetTerm T" by (rule indRelTEQ.trans) qed ultimately show "∃Q'. TargetTerm (⟦S⟧) ⟼(STCal Source Target) Q' ∧ P' ∼⟦⋅⟧T<TRel> Q'" by blast next case (encL S) assume "TargetTerm (⟦S⟧) ⟼(STCal Source Target) P'" from this obtain T where B1: "⟦S⟧ ⟼Target T" and B2: "T ∈T P'" by (auto simp add: STCal_step(2)) from B1 oc obtain S' where B3: "S ⟼Source S'" and B4: "(⟦S'⟧, T) ∈ TRel" by blast from B3 have "SourceTerm S ⟼(STCal Source Target) (SourceTerm S')" by (simp add: STCal_step(1)) moreover have "P' ∼⟦⋅⟧T<TRel> SourceTerm S'" proof - from B4 eqT have "(T, ⟦S'⟧) ∈ TRel" unfolding equiv_def sym_def by blast with B2 have "P' ∼⟦⋅⟧T<TRel> TargetTerm (⟦S'⟧)" by (simp add: indRelTEQ.target) moreover have "TargetTerm (⟦S'⟧) ∼⟦⋅⟧T<TRel> SourceTerm S'" by (rule indRelTEQ.encL) ultimately show "P' ∼⟦⋅⟧T<TRel> SourceTerm S'" by (rule indRelTEQ.trans) qed ultimately show "∃Q'. 
SourceTerm S ⟼(STCal Source Target) Q' ∧ P' ∼⟦⋅⟧T<TRel> Q'" by blast next case (target T1 T2) assume "TargetTerm T1 ⟼(STCal Source Target) P'" from this obtain T1' where C1: "T1 ⟼Target T1'" and C2: "T1' ∈T P'" by (auto simp add: STCal_step(2)) assume "(T1, T2) ∈ TRel" with C1 bisimT obtain T2' where C3: "T2 ⟼Target T2'" and C4: "(T1', T2') ∈ TRel" by blast from C3 have "TargetTerm T2 ⟼(STCal Source Target) (TargetTerm T2')" by (simp add: STCal_step(2)) moreover from C2 C4 have "P' ∼⟦⋅⟧T<TRel> TargetTerm T2'" by (simp add: indRelTEQ.target) ultimately show "∃Q'. TargetTerm T2 ⟼(STCal Source Target) Q' ∧ P' ∼⟦⋅⟧T<TRel> Q'" by blast next case (trans P Q R) assume "P ⟼(STCal Source Target) P'" and "⋀P'. P ⟼(STCal Source Target) P' ⟹ ∃Q'. Q ⟼(STCal Source Target) Q' ∧ P' ∼⟦⋅⟧T<TRel> Q'" from this obtain Q' where D1: "Q ⟼(STCal Source Target) Q'" and D2: "P' ∼⟦⋅⟧T<TRel> Q'" by blast assume "⋀Q'. Q ⟼(STCal Source Target) Q' ⟹ ∃R'. R ⟼(STCal Source Target) R' ∧ Q' ∼⟦⋅⟧T<TRel> R'" with D1 obtain R' where D3: "R ⟼(STCal Source Target) R'" and D4: "Q' ∼⟦⋅⟧T<TRel> R'" by blast from D2 D4 have "P' ∼⟦⋅⟧T<TRel> R'" by (rule indRelTEQ.trans) with D3 show "∃R'. R ⟼(STCal Source Target) R' ∧ P' ∼⟦⋅⟧T<TRel> R'" by blast qed next fix P Q Q' assume "P ∼⟦⋅⟧T<TRel> Q" and "Q ⟼(STCal Source Target) Q'" thus "∃P'. 
P ⟼(STCal Source Target) P' ∧ P' ∼⟦⋅⟧T<TRel> Q'" proof (induct arbitrary: Q') case (encR S) assume "TargetTerm (⟦S⟧) ⟼(STCal Source Target) Q'" from this obtain T where E1: "⟦S⟧ ⟼Target T" and E2: "T ∈T Q'" by (auto simp add: STCal_step(2)) from E1 oc obtain S' where E3: "S ⟼Source S'" and E4: "(⟦S'⟧, T) ∈ TRel" by blast from E3 have "SourceTerm S ⟼(STCal Source Target) (SourceTerm S')" by (simp add: STCal_step(1)) moreover have "SourceTerm S' ∼⟦⋅⟧T<TRel> Q'" proof - have "SourceTerm S' ∼⟦⋅⟧T<TRel> TargetTerm (⟦S'⟧)" by (rule indRelTEQ.encR) moreover from E2 E4 have "TargetTerm (⟦S'⟧) ∼⟦⋅⟧T<TRel> Q'" by (simp add: indRelTEQ.target) ultimately show "SourceTerm S' ∼⟦⋅⟧T<TRel> Q'" by (rule indRelTEQ.trans) qed ultimately show "∃P'. SourceTerm S ⟼(STCal Source Target) P' ∧ P' ∼⟦⋅⟧T<TRel> Q'" by blast next case (encL S) assume "SourceTerm S ⟼(STCal Source Target) Q'" from this obtain S' where F1: "S ⟼Source S'" and F2: "S' ∈S Q'" by (auto simp add: STCal_step(1)) from F1 oc obtain T where F3: "⟦S⟧ ⟼Target T" and F4: "(⟦S'⟧, T) ∈ TRel" by blast from F3 have "TargetTerm (⟦S⟧) ⟼(STCal Source Target) (TargetTerm T)" by (simp add: STCal_step(2)) moreover have "TargetTerm T ∼⟦⋅⟧T<TRel> Q'" proof - from F4 eqT have "(T, ⟦S'⟧) ∈ TRel" unfolding equiv_def sym_def by blast hence "TargetTerm T ∼⟦⋅⟧T<TRel> TargetTerm (⟦S'⟧)" by (rule indRelTEQ.target) moreover from F2 have "TargetTerm (⟦S'⟧) ∼⟦⋅⟧T<TRel> Q'" by (simp add: indRelTEQ.encL) ultimately show "TargetTerm T ∼⟦⋅⟧T<TRel> Q'" by (rule indRelTEQ.trans) qed ultimately show "∃P'. 
TargetTerm (⟦S⟧) ⟼(STCal Source Target) P' ∧ P' ∼⟦⋅⟧T<TRel> Q'" by blast next case (target T1 T2) assume "TargetTerm T2 ⟼(STCal Source Target) Q'" from this obtain T2' where G1: "T2 ⟼Target T2'" and G2: "T2' ∈T Q'" by (auto simp add: STCal_step(2)) assume "(T1, T2) ∈ TRel" with G1 bisimT obtain T1' where G3: "T1 ⟼Target T1'" and G4: "(T1', T2') ∈ TRel" by blast from G3 have "TargetTerm T1 ⟼(STCal Source Target) (TargetTerm T1')" by (simp add: STCal_step(2)) moreover from G2 G4 have "TargetTerm T1' ∼⟦⋅⟧T<TRel> Q'" by (simp add: indRelTEQ.target) ultimately show "∃P'. TargetTerm T1 ⟼(STCal Source Target) P' ∧ P' ∼⟦⋅⟧T<TRel> Q'" by blast next case (trans P Q R R') assume "R ⟼(STCal Source Target) R'" and "⋀R'. R ⟼(STCal Source Target) R' ⟹ ∃Q'. Q ⟼(STCal Source Target) Q' ∧ Q' ∼⟦⋅⟧T<TRel> R'" from this obtain Q' where H1: "Q ⟼(STCal Source Target) Q'" and H2: "Q' ∼⟦⋅⟧T<TRel> R'" by blast assume "⋀Q'. Q ⟼(STCal Source Target) Q' ⟹ ∃P'. P ⟼(STCal Source Target) P' ∧ P' ∼⟦⋅⟧T<TRel> Q'" with H1 obtain P' where H3: "P ⟼(STCal Source Target) P'" and H4: "P' ∼⟦⋅⟧T<TRel> Q'" by blast from H4 H2 have "P' ∼⟦⋅⟧T<TRel> R'" by (rule indRelTEQ.trans) with H3 show "∃P'. 
P ⟼(STCal Source Target) P' ∧ P' ∼⟦⋅⟧T<TRel> R'" by blast qed qed next assume bisim: "strong_reduction_bisimulation (indRelTEQ TRel) (STCal Source Target)" have "strongly_operational_corresponding TRel" proof auto fix S S' have "SourceTerm S ∼⟦⋅⟧T<TRel> TargetTerm (⟦S⟧)" by (rule indRelTEQ.encR) moreover assume "S ⟼Source S'" hence "SourceTerm S ⟼(STCal Source Target) (SourceTerm S')" by (simp add: STCal_step(1)) ultimately obtain Q' where I1: "TargetTerm (⟦S⟧) ⟼(STCal Source Target) Q'" and I2: "SourceTerm S' ∼⟦⋅⟧T<TRel> Q'" using bisim by blast from I1 obtain T where I3: "⟦S⟧ ⟼Target T" and I4: "T ∈T Q'" by (auto simp add: STCal_step(2)) from eqT have "TRel⇧* = TRel" using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding equiv_def refl_on_def by auto with I2 I4 have "(⟦S'⟧, T) ∈ TRel" using indRelTEQ_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by simp with I3 show "∃T. ⟦S⟧ ⟼Target T ∧ (⟦S'⟧, T) ∈ TRel" by blast next fix S T have "SourceTerm S ∼⟦⋅⟧T<TRel> TargetTerm (⟦S⟧)" by (rule indRelTEQ.encR) moreover assume "⟦S⟧ ⟼Target T" hence "TargetTerm (⟦S⟧) ⟼(STCal Source Target) (TargetTerm T)" by (simp add: STCal_step(2)) ultimately obtain Q' where J1: "SourceTerm S ⟼(STCal Source Target) Q'" and J2: "Q' ∼⟦⋅⟧T<TRel> TargetTerm T" using bisim by blast from J1 obtain S' where J3: "S ⟼Source S'" and J4: "S' ∈S Q'" by (auto simp add: STCal_step(1)) from eqT have "TRel⇧* = TRel" using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding equiv_def refl_on_def by auto with J2 J4 have "(⟦S'⟧, T) ∈ TRel" using indRelTEQ_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by blast with J3 show "∃S'. 
S ⟼Source S' ∧ (⟦S'⟧, T) ∈ TRel" by blast qed moreover have "strong_reduction_bisimulation TRel Target" proof - from eqT have "TRel⇧* = TRel" using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding equiv_def refl_on_def by auto with bisim show "strong_reduction_bisimulation TRel Target" using indRelTEQ_impl_TRel_is_strong_reduction_bisimulation[where TRel="TRel"] by simp qed ultimately show "strongly_operational_corresponding TRel ∧ strong_reduction_bisimulation TRel Target" by simp qed lemma (in encoding) SOC_wrt_equivalence_iff_strong_reduction_bisimulation: fixes TRel :: "('procT × 'procT) set" assumes eqT: "equivalence TRel" shows "(strongly_operational_corresponding TRel ∧ strong_reduction_bisimulation TRel Target) ⟷ (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans Rel ∧ strong_reduction_bisimulation Rel (STCal Source Target))" proof (rule iffI, erule conjE) assume oc: "strongly_operational_corresponding TRel" and bisimT: "strong_reduction_bisimulation TRel Target" from eqT have rt: "TRel⇧* = TRel" using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding equiv_def refl_on_def by auto have "∀S. SourceTerm S ∼⟦⋅⟧T<TRel> TargetTerm (⟦S⟧) ∧ TargetTerm (⟦S⟧) ∼⟦⋅⟧T<TRel> SourceTerm S" by (simp add: indRelTEQ.encR indRelTEQ.encL) moreover from rt have "TRel = {(T1, T2). TargetTerm T1 ∼⟦⋅⟧T<TRel> TargetTerm T2}" using indRelTEQ_to_TRel(4)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by (auto simp add: indRelTEQ.target) moreover have "trans (indRelTEQ TRel)" using indRelTEQ.trans[where TRel="TRel"] unfolding trans_def by blast moreover from eqT oc bisimT have "strong_reduction_bisimulation (indRelTEQ TRel) (STCal Source Target)" using SOC_wrt_equivalence_iff_indRelTEQ_strong_reduction_bisimulation[where TRel="TRel"] by blast ultimately show "∃Rel. (∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans Rel ∧ strong_reduction_bisimulation Rel (STCal Source Target)" by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans Rel ∧ strong_reduction_bisimulation Rel (STCal Source Target)" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" and A2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and A3: "trans Rel" and A4: "strong_reduction_bisimulation Rel (STCal Source Target)" by blast have "strongly_operational_corresponding TRel" proof auto fix S S' from A1 have "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by simp moreover assume "S ⟼Source S'" hence "SourceTerm S ⟼(STCal Source Target) (SourceTerm S')" by (simp add: STCal_step(1)) ultimately obtain Q' where B1: "TargetTerm (⟦S⟧) ⟼(STCal Source Target) Q'" and B2: "(SourceTerm S', Q') ∈ Rel" using A4 by blast from B1 obtain T where B3: "⟦S⟧ ⟼Target T" and B4: "T ∈T Q'" by (auto simp add: STCal_step(2)) from A1 have "(TargetTerm (⟦S'⟧), SourceTerm S') ∈ Rel" by simp with B2 A3 have "(TargetTerm (⟦S'⟧), Q') ∈ Rel" unfolding trans_def by blast with B4 A2 have "(⟦S'⟧, T) ∈ TRel" by simp with B3 show "∃T. 
⟦S⟧ ⟼Target T ∧ (⟦S'⟧, T) ∈ TRel" by blast next fix S T from A1 have "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by simp moreover assume "⟦S⟧ ⟼Target T" hence "TargetTerm (⟦S⟧) ⟼(STCal Source Target) (TargetTerm T)" by (simp add: STCal_step(2)) ultimately obtain P' where C1: "SourceTerm S ⟼(STCal Source Target) P'" and C2: "(P', TargetTerm T) ∈ Rel" using A4 by blast from C1 obtain S' where C3: "S ⟼Source S'" and C4: "S' ∈S P'" by (auto simp add: STCal_step(1)) from A1 C4 have "(TargetTerm (⟦S'⟧), P') ∈ Rel" by simp from A3 this C2 have "(TargetTerm (⟦S'⟧), TargetTerm T) ∈ Rel" unfolding trans_def by blast with A2 have "(⟦S'⟧, T) ∈ TRel" by simp with C3 show "∃S'. S ⟼Source S' ∧ (⟦S'⟧, T) ∈ TRel" by blast qed moreover have "strong_reduction_bisimulation TRel Target" proof auto fix TP TQ TP' assume "(TP, TQ) ∈ TRel" with A2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TP ⟼Target TP'" hence "TargetTerm TP ⟼(STCal Source Target) (TargetTerm TP')" by (simp add: STCal_step(2)) ultimately obtain Q' where D1: "TargetTerm TQ ⟼(STCal Source Target) Q'" and D2: "(TargetTerm TP', Q') ∈ Rel" using A4 by blast from D1 obtain TQ' where D3: "TQ ⟼Target TQ'" and D4: "TQ' ∈T Q'" by (auto simp add: STCal_step(2)) from A2 D2 D4 have "(TP', TQ') ∈ TRel" by simp with D3 show "∃TQ'. TQ ⟼Target TQ' ∧ (TP', TQ') ∈ TRel" by blast next fix TP TQ TQ' assume "(TP, TQ) ∈ TRel" with A2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TQ ⟼Target TQ'" hence "TargetTerm TQ ⟼(STCal Source Target) (TargetTerm TQ')" by (simp add: STCal_step(2)) ultimately obtain P' where E1: "TargetTerm TP ⟼(STCal Source Target) P'" and E2: "(P', TargetTerm TQ') ∈ Rel" using A4 by blast from E1 obtain TP' where E3: "TP ⟼Target TP'" and E4: "TP' ∈T P'" by (auto simp add: STCal_step(2)) from A2 E2 E4 have "(TP', TQ') ∈ TRel" by simp with E3 show "∃TP'. 
TP ⟼Target TP' ∧ (TP', TQ') ∈ TRel" by blast qed ultimately show "strongly_operational_corresponding TRel ∧ strong_reduction_bisimulation TRel Target" by simp qed end
Theory FullAbstraction
theory FullAbstraction imports SourceTargetRelation begin section ‹Full Abstraction› text ‹An encoding is fully abstract w.r.t. some source term relation SRel and some target term relation TRel if two source terms S1 and S2 form a pair (S1, S2) in SRel iff their literal translations form a pair (enc S1, enc S2) in TRel.› abbreviation (in encoding) fully_abstract :: "('procS × 'procS) set ⇒ ('procT × 'procT) set ⇒ bool" where "fully_abstract SRel TRel ≡ ∀S1 S2. (S1, S2) ∈ SRel ⟷ (⟦S1⟧, ⟦S2⟧) ∈ TRel" subsection ‹Trivial Full Abstraction Results› text ‹We start with some trivial full abstraction results. Each injective encoding is fully abstract w.r.t. the identity relation on the source and the identity relation on the target.› lemma (in encoding) inj_enc_is_fully_abstract_wrt_identities: assumes injectivity: "∀S1 S2. ⟦S1⟧ = ⟦S2⟧ ⟶ S1 = S2" shows "fully_abstract {(S1, S2). S1 = S2} {(T1, T2). T1 = T2}" by (auto simp add: injectivity) text ‹Each encoding is fully abstract w.r.t. the empty relation on the source and the target.› lemma (in encoding) fully_abstract_wrt_empty_relation: shows "fully_abstract {} {}" by auto text ‹Similarly, each encoding is fully abstract w.r.t. the all-relation on the source and the target.› lemma (in encoding) fully_abstract_wrt_all_relation: shows "fully_abstract {(S1, S2). True} {(T1, T2). True}" by auto text ‹If the encoding is injective then for each source term relation RelS there exists a target term relation RelT such that the encoding is fully abstract w.r.t. RelS and RelT.› lemma (in encoding) fully_abstract_wrt_source_relation: fixes RelS :: "('procS × 'procS) set" assumes injectivity: "∀S1 S2. ⟦S1⟧ = ⟦S2⟧ ⟶ S1 = S2" shows "∃RelT. fully_abstract RelS RelT" proof - define RelT where "RelT = {(T1, T2). ∃S1 S2. (S1, S2) ∈ RelS ∧ T1 = ⟦S1⟧ ∧ T2 = ⟦S2⟧}" with injectivity have "fully_abstract RelS RelT" by blast thus "∃RelT. 
fully_abstract RelS RelT" by blast qed text ‹If all source terms that are translated to the same target term are related by a trans source term relation RelS, then there exists a target term relation RelT such that the encoding is fully abstract w.r.t. RelS and RelT.› lemma (in encoding) fully_abstract_wrt_trans_source_relation: fixes RelS :: "('procS × 'procS) set" assumes encRelS: "∀S1 S2. ⟦S1⟧ = ⟦S2⟧ ⟶ (S1, S2) ∈ RelS" and transS: "trans RelS" shows "∃RelT. fully_abstract RelS RelT" proof - define RelT where "RelT = {(T1, T2). ∃S1 S2. (S1, S2) ∈ RelS ∧ T1 = ⟦S1⟧ ∧ T2 = ⟦S2⟧}" have "fully_abstract RelS RelT" proof auto fix S1 S2 assume "(S1, S2) ∈ RelS" with RelT_def show "(⟦S1⟧, ⟦S2⟧) ∈ RelT" by blast next fix S1 S2 assume "(⟦S1⟧, ⟦S2⟧) ∈ RelT" with RelT_def obtain S1' S2' where A1: "(S1', S2') ∈ RelS" and A2: "⟦S1⟧ = ⟦S1'⟧" and A3: "⟦S2⟧ = ⟦S2'⟧" by blast from A2 encRelS have "(S1, S1') ∈ RelS" by simp from this A1 transS have "(S1, S2') ∈ RelS" unfolding trans_def by blast moreover from A3 encRelS have "(S2', S2) ∈ RelS" by simp ultimately show "(S1, S2) ∈ RelS" using transS unfolding trans_def by blast qed thus "∃RelT. fully_abstract RelS RelT" by blast qed lemma (in encoding) fully_abstract_wrt_trans_closure_of_source_relation: fixes RelS :: "('procS × 'procS) set" assumes encRelS: "∀S1 S2. ⟦S1⟧ = ⟦S2⟧ ⟶ (S1, S2) ∈ RelS⇧+" shows "∃RelT. fully_abstract (RelS⇧+) RelT" using encRelS trans_trancl[of RelS] fully_abstract_wrt_trans_source_relation[where RelS="RelS⇧+"] by blast text ‹For every encoding and every target term relation RelT there exists a source term relation RelS such that the encoding is fully abstract w.r.t. RelS and RelT.› lemma (in encoding) fully_abstract_wrt_target_relation: fixes RelT :: "('procT × 'procT) set" shows "∃RelS. fully_abstract RelS RelT" proof - define RelS where "RelS = {(S1, S2). (⟦S1⟧, ⟦S2⟧) ∈ RelT}" hence "fully_abstract RelS RelT" by simp thus "∃RelS. 
fully_abstract RelS RelT" by blast qed subsection ‹Fully Abstract Encodings› text ‹Thus, as long as we can choose one of the two relations, full abstraction is trivial. For fixed source and target term relations, encodings are not trivially fully abstract. For all encodings and relations SRel and TRel we can construct a relation on the disjoint union of source and target terms, whose reduction to source terms is SRel and whose reduction to target terms is TRel. But full abstraction ensures that each trans relation that relates source terms and their literal translations in both directions includes SRel iff it includes TRel restricted to translated source terms.› lemma (in encoding) full_abstraction_and_trans_relation_contains_SRel_impl_TRel: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes fullAbs: "fully_abstract SRel TRel" and encR: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and srel: "SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel}" and trans: "trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q})" shows "∀S1 S2. (⟦S1⟧, ⟦S2⟧) ∈ TRel ⟷ (TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel" proof auto fix S1 S2 define Rel' where "Rel' = Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q}" hence "(TargetTerm (⟦S1⟧), SourceTerm S1) ∈ Rel'" by simp moreover assume "(⟦S1⟧, ⟦S2⟧) ∈ TRel" with fullAbs have "(S1, S2) ∈ SRel" by simp with srel Rel'_def have "(SourceTerm S1, SourceTerm S2) ∈ Rel'" by simp moreover from encR Rel'_def have "(SourceTerm S2, TargetTerm (⟦S2⟧)) ∈ Rel'" by simp ultimately show "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel" using trans Rel'_def unfolding trans_def by blast next fix S1 S2 define Rel' where "Rel' = Rel ∪ {(P, Q). ∃S. 
⟦S⟧ ∈T P ∧ S ∈S Q}" from encR Rel'_def have "(SourceTerm S1, TargetTerm (⟦S1⟧)) ∈ Rel'" by simp moreover assume "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel" with Rel'_def have "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel'" by simp moreover from Rel'_def have "(TargetTerm (⟦S2⟧), SourceTerm S2) ∈ Rel'" by simp ultimately have "(SourceTerm S1, SourceTerm S2) ∈ Rel" using trans Rel'_def unfolding trans_def by blast with srel have "(S1, S2) ∈ SRel" by simp with fullAbs show "(⟦S1⟧, ⟦S2⟧) ∈ TRel" by simp qed lemma (in encoding) full_abstraction_and_trans_relation_contains_TRel_impl_SRel: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes fullAbs: "fully_abstract SRel TRel" and encR: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and trel: "∀S1 S2. (⟦S1⟧, ⟦S2⟧) ∈ TRel ⟷ (TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel" and trans: "trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q})" shows "SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel}" proof auto fix S1 S2 define Rel' where "Rel' = Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q}" from encR Rel'_def have "(SourceTerm S1, TargetTerm (⟦S1⟧)) ∈ Rel'" by simp moreover assume "(S1, S2) ∈ SRel" with fullAbs have "(⟦S1⟧, ⟦S2⟧) ∈ TRel" by simp with trel Rel'_def have "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel'" by simp moreover from Rel'_def have "(TargetTerm (⟦S2⟧), SourceTerm S2) ∈ Rel'" by simp ultimately show "(SourceTerm S1, SourceTerm S2) ∈ Rel" using trans Rel'_def unfolding trans_def by blast next fix S1 S2 define Rel' where "Rel' = Rel ∪ {(P, Q). ∃S. 
⟦S⟧ ∈T P ∧ S ∈S Q}" hence "(TargetTerm (⟦S1⟧), SourceTerm S1) ∈ Rel'" by simp moreover assume "(SourceTerm S1, SourceTerm S2) ∈ Rel" with Rel'_def have "(SourceTerm S1, SourceTerm S2) ∈ Rel'" by simp moreover from encR Rel'_def have "(SourceTerm S2, TargetTerm (⟦S2⟧)) ∈ Rel'" by simp ultimately have "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel" using trans Rel'_def unfolding trans_def by blast with trel have "(⟦S1⟧, ⟦S2⟧) ∈ TRel" by simp with fullAbs show "(S1, S2) ∈ SRel" by simp qed lemma (in encoding) full_abstraction_impl_trans_relation_contains_SRel_iff_TRel: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes fullAbs: "fully_abstract SRel TRel" and encR: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and trans: "trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q})" shows "(∀S1 S2. (⟦S1⟧, ⟦S2⟧) ∈ TRel ⟷ (TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel) ⟷ (SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel})" proof assume "∀S1 S2. ((⟦S1⟧, ⟦S2⟧) ∈ TRel) = ((TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel)" thus "SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel}" using assms full_abstraction_and_trans_relation_contains_TRel_impl_SRel[where SRel="SRel" and TRel="TRel"] by blast next assume "SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel}" thus "∀S1 S2. (⟦S1⟧, ⟦S2⟧) ∈ TRel ⟷ (TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel" using assms full_abstraction_and_trans_relation_contains_SRel_impl_TRel[where SRel="SRel" and TRel="TRel"] by blast qed lemma (in encoding) full_abstraction_impl_trans_relation_contains_SRel_iff_TRel_encRL: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes fullAbs: "fully_abstract SRel TRel" and encR: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and encL: "∀S. (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" and trans: "trans Rel" shows "(∀S1 S2. 
(⟦S1⟧, ⟦S2⟧) ∈ TRel ⟷ (TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel) ⟷ (SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel})" proof - from encL have "Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} = Rel" by auto with fullAbs encR trans show ?thesis using full_abstraction_impl_trans_relation_contains_SRel_iff_TRel[where Rel="Rel" and SRel="SRel" and TRel="TRel"] by simp qed text ‹Full abstraction ensures that SRel and TRel satisfy the same basic properties that can be defined on their pairs. In particular: (1) SRel is refl iff TRel reduced to translated source terms is refl (2) if the encoding is surjective then SRel is refl iff TRel is refl (3) SRel is sym iff TRel reduced to translated source terms is sym (4) SRel is trans iff TRel reduced to translated source terms is trans› lemma (in encoding) full_abstraction_impl_SRel_iff_TRel_is_refl: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes fullAbs: "fully_abstract SRel TRel" shows "refl SRel ⟷ (∀S. (⟦S⟧, ⟦S⟧) ∈ TRel)" unfolding refl_on_def by (simp add: fullAbs) lemma (in encoding) full_abstraction_and_surjectivity_impl_SRel_iff_TRel_is_refl: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes fullAbs: "fully_abstract SRel TRel" and surj: "∀T. ∃S. T = ⟦S⟧" shows "refl SRel ⟷ refl TRel" proof assume reflS: "refl SRel" show "refl TRel" unfolding refl_on_def proof auto fix T from surj obtain S where "T = ⟦S⟧" by blast moreover from reflS have "(S, S) ∈ SRel" unfolding refl_on_def by simp with fullAbs have "(⟦S⟧, ⟦S⟧) ∈ TRel" by simp ultimately show "(T, T) ∈ TRel" by simp qed next assume "refl TRel" with fullAbs show "refl SRel" unfolding refl_on_def by simp qed lemma (in encoding) full_abstraction_impl_SRel_iff_TRel_is_sym: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes fullAbs: "fully_abstract SRel TRel" shows "sym SRel ⟷ sym {(T1, T2). ∃S1 S2. 
T1 = ⟦S1⟧ ∧ T2 = ⟦S2⟧ ∧ (T1, T2) ∈ TRel}" unfolding sym_def by (simp add: fullAbs, blast) lemma (in encoding) full_abstraction_and_surjectivity_impl_SRel_iff_TRel_is_sym: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes fullAbs: "fully_abstract SRel TRel" and surj: "∀T. ∃S. T = ⟦S⟧" shows "sym SRel ⟷ sym TRel" using fullAbs surj full_abstraction_impl_SRel_iff_TRel_is_sym[where SRel="SRel" and TRel="TRel"] by auto lemma (in encoding) full_abstraction_impl_SRel_iff_TRel_is_trans: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes fullAbs: "fully_abstract SRel TRel" shows "trans SRel ⟷ trans {(T1, T2). ∃S1 S2. T1 = ⟦S1⟧ ∧ T2 = ⟦S2⟧ ∧ (T1, T2) ∈ TRel}" unfolding trans_def by (simp add: fullAbs, blast) lemma (in encoding) full_abstraction_and_surjectivity_impl_SRel_iff_TRel_is_trans: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes fullAbs: "fully_abstract SRel TRel" and surj: "∀T. ∃S. T = ⟦S⟧" shows "trans SRel ⟷ trans TRel" using fullAbs surj full_abstraction_impl_SRel_iff_TRel_is_trans[where SRel="SRel" and TRel="TRel"] by auto text ‹Similarly, a fully abstract encoding that respects a predicate ensures that this predicate is preserved, reflected, or respected by SRel iff it is preserved, reflected, or respected by TRel.› lemma (in encoding) full_abstraction_and_enc_respects_pred_impl_SRel_iff_TRel_preserve: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and Pred :: "('procS, 'procT) Proc ⇒ bool" assumes fullAbs: "fully_abstract SRel TRel" and encP: "enc_respects_pred Pred" shows "rel_preserves_pred {(P, Q). ∃SP SQ. SP ∈S P ∧ SQ ∈S Q ∧ (SP, SQ) ∈ SRel} Pred ⟷ rel_preserves_pred {(P, Q). ∃SP SQ. ⟦SP⟧ ∈T P ∧ ⟦SQ⟧ ∈T Q ∧ (⟦SP⟧, ⟦SQ⟧) ∈ TRel} Pred" proof assume presS: "rel_preserves_pred {(P, Q). ∃SP SQ. SP ∈S P ∧ SQ ∈S Q ∧ (SP, SQ) ∈ SRel} Pred" show "rel_preserves_pred {(P, Q). ∃SP SQ. 
⟦SP⟧ ∈T P ∧ ⟦SQ⟧ ∈T Q ∧ (⟦SP⟧, ⟦SQ⟧) ∈ TRel} Pred" proof clarify fix SP SQ assume "Pred (TargetTerm (⟦SP⟧))" with encP have "Pred (SourceTerm SP)" by simp moreover assume "(⟦SP⟧, ⟦SQ⟧) ∈ TRel" with fullAbs have "(SP, SQ) ∈ SRel" by simp ultimately have "Pred (SourceTerm SQ)" using presS by blast with encP show "Pred (TargetTerm (⟦SQ⟧))" by simp qed next assume presT: "rel_preserves_pred {(P, Q). ∃SP SQ. ⟦SP⟧ ∈T P ∧ ⟦SQ⟧ ∈T Q ∧ (⟦SP⟧, ⟦SQ⟧) ∈ TRel} Pred" show "rel_preserves_pred {(P, Q). ∃SP SQ. SP ∈S P ∧ SQ ∈S Q ∧ (SP, SQ) ∈ SRel} Pred" proof clarify fix SP SQ assume "Pred (SourceTerm SP)" with encP have "Pred (TargetTerm (⟦SP⟧))" by simp moreover assume "(SP, SQ) ∈ SRel" with fullAbs have "(⟦SP⟧, ⟦SQ⟧) ∈ TRel" by simp ultimately have "Pred (TargetTerm (⟦SQ⟧))" using presT by blast with encP show "Pred (SourceTerm SQ)" by simp qed qed lemma (in encoding) full_abstraction_and_enc_respects_binary_pred_impl_SRel_iff_TRel_preserve: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and Pred :: "('procS, 'procT) Proc ⇒ 'b ⇒ bool" assumes fullAbs: "fully_abstract SRel TRel" and encP: "enc_respects_binary_pred Pred" shows "rel_preserves_binary_pred {(P, Q). ∃SP SQ. SP ∈S P ∧ SQ ∈S Q ∧ (SP, SQ) ∈ SRel} Pred ⟷ rel_preserves_binary_pred {(P, Q). ∃SP SQ. ⟦SP⟧ ∈T P ∧ ⟦SQ⟧ ∈T Q ∧ (⟦SP⟧, ⟦SQ⟧) ∈ TRel} Pred" proof assume presS: "rel_preserves_binary_pred {(P, Q). ∃SP SQ. SP ∈S P ∧ SQ ∈S Q ∧ (SP, SQ) ∈ SRel} Pred" show "rel_preserves_binary_pred {(P, Q). ∃SP SQ. ⟦SP⟧ ∈T P ∧ ⟦SQ⟧ ∈T Q ∧ (⟦SP⟧, ⟦SQ⟧) ∈ TRel} Pred" proof clarify fix x SP SQ assume "Pred (TargetTerm (⟦SP⟧)) x" with encP have "Pred (SourceTerm SP) x" by simp moreover assume "(⟦SP⟧, ⟦SQ⟧) ∈ TRel" with fullAbs have "(SP, SQ) ∈ SRel" by simp ultimately have "Pred (SourceTerm SQ) x" using presS by blast with encP show "Pred (TargetTerm (⟦SQ⟧)) x" by simp qed next assume presT: "rel_preserves_binary_pred {(P, Q). ∃SP SQ. 
⟦SP⟧ ∈T P ∧ ⟦SQ⟧ ∈T Q ∧ (⟦SP⟧, ⟦SQ⟧) ∈ TRel} Pred" show "rel_preserves_binary_pred {(P, Q). ∃SP SQ. SP ∈S P ∧ SQ ∈S Q ∧ (SP, SQ) ∈ SRel} Pred" proof clarify fix x SP SQ assume "Pred (SourceTerm SP) x" with encP have "Pred (TargetTerm (⟦SP⟧)) x" by simp moreover assume "(SP, SQ) ∈ SRel" with fullAbs have "(⟦SP⟧, ⟦SQ⟧) ∈ TRel" by simp ultimately have "Pred (TargetTerm (⟦SQ⟧)) x" using presT by blast with encP show "Pred (SourceTerm SQ) x" by simp qed qed lemma (in encoding) full_abstraction_and_enc_respects_pred_impl_SRel_iff_TRel_reflects: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and Pred :: "('procS, 'procT) Proc ⇒ bool" assumes fullAbs: "fully_abstract SRel TRel" and encP: "enc_respects_pred Pred" shows "rel_reflects_pred {(P, Q). ∃SP SQ. SP ∈S P ∧ SQ ∈S Q ∧ (SP, SQ) ∈ SRel} Pred ⟷ rel_reflects_pred {(P, Q). ∃SP SQ. ⟦SP⟧ ∈T P ∧ ⟦SQ⟧ ∈T Q ∧ (⟦SP⟧, ⟦SQ⟧) ∈ TRel} Pred" proof assume reflS: "rel_reflects_pred {(P, Q). ∃SP SQ. SP ∈S P ∧ SQ ∈S Q ∧ (SP, SQ) ∈ SRel} Pred" show "rel_reflects_pred {(P, Q). ∃SP SQ. ⟦SP⟧ ∈T P ∧ ⟦SQ⟧ ∈T Q ∧ (⟦SP⟧, ⟦SQ⟧) ∈ TRel} Pred" proof clarify fix SP SQ assume "Pred (TargetTerm (⟦SQ⟧))" with encP have "Pred (SourceTerm SQ)" by simp moreover assume "(⟦SP⟧, ⟦SQ⟧) ∈ TRel" with fullAbs have "(SP, SQ) ∈ SRel" by simp ultimately have "Pred (SourceTerm SP)" using reflS by blast with encP show "Pred (TargetTerm (⟦SP⟧))" by simp qed next assume reflT: "rel_reflects_pred {(P, Q). ∃SP SQ. ⟦SP⟧ ∈T P ∧ ⟦SQ⟧ ∈T Q ∧ (⟦SP⟧, ⟦SQ⟧) ∈ TRel} Pred" show "rel_reflects_pred {(P, Q). ∃SP SQ. 
SP ∈S P ∧ SQ ∈S Q ∧ (SP, SQ) ∈ SRel} Pred" proof clarify fix SP SQ assume "Pred (SourceTerm SQ)" with encP have "Pred (TargetTerm (⟦SQ⟧))" by simp moreover assume "(SP, SQ) ∈ SRel" with fullAbs have "(⟦SP⟧, ⟦SQ⟧) ∈ TRel" by simp ultimately have "Pred (TargetTerm (⟦SP⟧))" using reflT by blast with encP show "Pred (SourceTerm SP)" by simp qed qed lemma (in encoding) full_abstraction_and_enc_respects_binary_pred_impl_SRel_iff_TRel_reflects: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and Pred :: "('procS, 'procT) Proc ⇒ 'b ⇒ bool" assumes fullAbs: "fully_abstract SRel TRel" and encP: "enc_respects_binary_pred Pred" shows "rel_reflects_binary_pred {(P, Q). ∃SP SQ. SP ∈S P ∧ SQ ∈S Q ∧ (SP, SQ) ∈ SRel} Pred ⟷ rel_reflects_binary_pred {(P, Q). ∃SP SQ. ⟦SP⟧ ∈T P ∧ ⟦SQ⟧ ∈T Q ∧ (⟦SP⟧, ⟦SQ⟧) ∈ TRel} Pred" proof assume reflS: "rel_reflects_binary_pred {(P, Q). ∃SP SQ. SP ∈S P ∧ SQ ∈S Q ∧ (SP, SQ) ∈ SRel} Pred" show "rel_reflects_binary_pred {(P, Q). ∃SP SQ. ⟦SP⟧ ∈T P ∧ ⟦SQ⟧ ∈T Q ∧ (⟦SP⟧, ⟦SQ⟧) ∈ TRel} Pred" proof clarify fix x SP SQ assume "Pred (TargetTerm (⟦SQ⟧)) x" with encP have "Pred (SourceTerm SQ) x" by simp moreover assume "(⟦SP⟧, ⟦SQ⟧) ∈ TRel" with fullAbs have "(SP, SQ) ∈ SRel" by simp ultimately have "Pred (SourceTerm SP) x" using reflS by blast with encP show "Pred (TargetTerm (⟦SP⟧)) x" by simp qed next assume reflT: "rel_reflects_binary_pred {(P, Q). ∃SP SQ. ⟦SP⟧ ∈T P ∧ ⟦SQ⟧ ∈T Q ∧ (⟦SP⟧, ⟦SQ⟧) ∈ TRel} Pred" show "rel_reflects_binary_pred {(P, Q). ∃SP SQ. 
SP ∈S P ∧ SQ ∈S Q ∧ (SP, SQ) ∈ SRel} Pred" proof clarify fix x SP SQ assume "Pred (SourceTerm SQ) x" with encP have "Pred (TargetTerm (⟦SQ⟧)) x" by simp moreover assume "(SP, SQ) ∈ SRel" with fullAbs have "(⟦SP⟧, ⟦SQ⟧) ∈ TRel" by simp ultimately have "Pred (TargetTerm (⟦SP⟧)) x" using reflT by blast with encP show "Pred (SourceTerm SP) x" by simp qed qed text ‹From the corresponding results on the preservation and the reflection of predicates we obtain: if the encoding is fully abstract w.r.t. SRel and TRel and respects a predicate, then SRel (lifted to source terms) respects this predicate iff TRel (reduced to translations of source terms) respects it. The second lemma states the same for binary predicates.› lemma (in encoding) full_abstraction_and_enc_respects_pred_impl_SRel_iff_TRel_respects: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and Pred :: "('procS, 'procT) Proc ⇒ bool" assumes fullAbs: "fully_abstract SRel TRel" and encP: "enc_respects_pred Pred" shows "rel_respects_pred {(P, Q). ∃SP SQ. SP ∈S P ∧ SQ ∈S Q ∧ (SP, SQ) ∈ SRel} Pred ⟷ rel_respects_pred {(P, Q). ∃SP SQ. ⟦SP⟧ ∈T P ∧ ⟦SQ⟧ ∈T Q ∧ (⟦SP⟧, ⟦SQ⟧) ∈ TRel} Pred" using assms full_abstraction_and_enc_respects_pred_impl_SRel_iff_TRel_preserve[where SRel="SRel" and TRel="TRel" and Pred="Pred"] full_abstraction_and_enc_respects_pred_impl_SRel_iff_TRel_reflects[where SRel="SRel" and TRel="TRel" and Pred="Pred"] by auto lemma (in encoding) full_abstraction_and_enc_respects_binary_pred_impl_SRel_iff_TRel_respects: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and Pred :: "('procS, 'procT) Proc ⇒ 'b ⇒ bool" assumes fullAbs: "fully_abstract SRel TRel" and encP: "enc_respects_binary_pred Pred" shows "rel_respects_binary_pred {(P, Q). ∃SP SQ. SP ∈S P ∧ SQ ∈S Q ∧ (SP, SQ) ∈ SRel} Pred ⟷ rel_respects_binary_pred {(P, Q). ∃SP SQ. ⟦SP⟧ ∈T P ∧ ⟦SQ⟧ ∈T Q ∧ (⟦SP⟧, ⟦SQ⟧) ∈ TRel} Pred" using assms full_abstraction_and_enc_respects_binary_pred_impl_SRel_iff_TRel_preserve[where SRel="SRel" and TRel="TRel" and Pred="Pred"] full_abstraction_and_enc_respects_binary_pred_impl_SRel_iff_TRel_reflects[where SRel="SRel" and TRel="TRel" and Pred="Pred"] by auto subsection ‹Full Abstraction w.r.t. 
Preorders› text ‹If, however, there exists a trans relation Rel that relates source terms and their literal translations in both directions, then the encoding is fully abstract with respect to the reduction of Rel to source terms and the reduction of Rel to target terms.› lemma (in encoding) trans_source_target_relation_impl_full_abstraction: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes enc: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" and trans: "trans Rel" shows "fully_abstract {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" proof auto fix S1 S2 assume "(SourceTerm S1, SourceTerm S2) ∈ Rel" with enc trans show "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel" unfolding trans_def by blast next fix S1 S2 assume "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel" with enc trans show "(SourceTerm S1, SourceTerm S2) ∈ Rel" unfolding trans_def by blast qed text ‹Without the assumption that Rel is trans, the encoding is fully abstract with respect to the reductions of the transitive closure of Rel to source terms and to target terms.› lemma (in encoding) source_target_relation_impl_full_abstraction_wrt_trans_closures: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes enc: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" shows "fully_abstract {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel⇧+} {(T1, T2). 
(TargetTerm T1, TargetTerm T2) ∈ Rel⇧+}" proof auto fix S1 S2 from enc have "(TargetTerm (⟦S1⟧), SourceTerm S1) ∈ Rel⇧+" by blast moreover assume "(SourceTerm S1, SourceTerm S2) ∈ Rel⇧+" ultimately have "(TargetTerm (⟦S1⟧), SourceTerm S2) ∈ Rel⇧+" by simp moreover from enc have "(SourceTerm S2, TargetTerm (⟦S2⟧)) ∈ Rel⇧+" by blast ultimately show "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel⇧+" by simp next fix S1 S2 from enc have "(SourceTerm S1, TargetTerm (⟦S1⟧)) ∈ Rel⇧+" by blast moreover assume "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel⇧+" ultimately have "(SourceTerm S1, TargetTerm (⟦S2⟧)) ∈ Rel⇧+" by simp moreover from enc have "(TargetTerm (⟦S2⟧), SourceTerm S2) ∈ Rel⇧+" by blast ultimately show "(SourceTerm S1, SourceTerm S2) ∈ Rel⇧+" by simp qed lemma (in encoding) quasi_trans_source_target_relation_impl_full_abstraction: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes enc: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" and srel: "SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel}" and trel: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and trans: "∀P Q R. 
(P, Q) ∈ Rel ∧ (Q, R) ∈ Rel ∧ ((P ∈ ProcS ∧ Q ∈ ProcT) ∨ (P ∈ ProcT ∧ Q ∈ ProcS)) ⟶ (P, R) ∈ Rel" shows "fully_abstract SRel TRel" proof auto fix S1 S2 from enc have "(TargetTerm (⟦S1⟧), SourceTerm S1) ∈ Rel" by simp moreover assume "(S1, S2) ∈ SRel" with srel have "(SourceTerm S1, SourceTerm S2) ∈ Rel" by simp ultimately have "(TargetTerm (⟦S1⟧), SourceTerm S2) ∈ Rel" using trans by blast moreover from enc have "(SourceTerm S2, TargetTerm (⟦S2⟧)) ∈ Rel" by simp ultimately have "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel" using trans by blast with trel show "(⟦S1⟧, ⟦S2⟧) ∈ TRel" by simp next fix S1 S2 from enc have "(SourceTerm S1, TargetTerm (⟦S1⟧)) ∈ Rel" by simp moreover assume "(⟦S1⟧, ⟦S2⟧) ∈ TRel" with trel have "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel" by simp ultimately have "(SourceTerm S1, TargetTerm (⟦S2⟧)) ∈ Rel" using trans by blast moreover from enc have "(TargetTerm (⟦S2⟧), SourceTerm S2) ∈ Rel" by simp ultimately have "(SourceTerm S1, SourceTerm S2) ∈ Rel" using trans by blast with srel show "(S1, S2) ∈ SRel" by simp qed text ‹If an encoding is fully abstract w.r.t. SRel and TRel, then from a pair in indRelRSTPO or indRelSTEQ we can derive corresponding pairs in TRel and SRel.› lemma (in encoding) full_abstraction_impl_indRelRSTPO_to_SRel_and_TRel: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and P Q :: "('procS, 'procT) Proc" assumes fullAbs: "fully_abstract SRel TRel" and rel: "P ≲⟦⋅⟧R<SRel,TRel> Q" shows "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ (⟦SP⟧, ⟦SQ⟧) ∈ TRel⇧+" and "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ (⟦SP⟧, TQ) ∈ TRel⇧*" proof - have fullAbsT: "∀S1 S2. 
(S1, S2) ∈ SRel⇧+ ⟶ (⟦S1⟧, ⟦S2⟧) ∈ TRel⇧+" proof clarify fix S1 S2 assume "(S1, S2) ∈ SRel⇧+" thus "(⟦S1⟧, ⟦S2⟧) ∈ TRel⇧+" proof induct fix S2 assume "(S1, S2) ∈ SRel" with fullAbs show "(⟦S1⟧, ⟦S2⟧) ∈ TRel⇧+" by simp next case (step S2 S3) assume "(⟦S1⟧, ⟦S2⟧) ∈ TRel⇧+" moreover assume "(S2, S3) ∈ SRel" with fullAbs have "(⟦S2⟧, ⟦S3⟧) ∈ TRel⇧+" by simp ultimately show "(⟦S1⟧, ⟦S3⟧) ∈ TRel⇧+" by simp qed qed with rel show "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ (⟦SP⟧, ⟦SQ⟧) ∈ TRel⇧+" using indRelRSTPO_to_SRel_and_TRel(1)[where SRel="SRel" and TRel="TRel"] by simp show "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ (⟦SP⟧, TQ) ∈ TRel⇧*" proof clarify fix SP TQ assume "SP ∈S P" and "TQ ∈T Q" with rel obtain S where A1: "(SP, S) ∈ SRel⇧*" and A2: "(⟦S⟧, TQ) ∈ TRel⇧*" using indRelRSTPO_to_SRel_and_TRel(2)[where SRel="SRel" and TRel="TRel"] by blast from A1 have "SP = S ∨ (SP, S) ∈ SRel⇧+" using rtrancl_eq_or_trancl[of SP S SRel] by blast with fullAbsT have "(⟦SP⟧, ⟦S⟧) ∈ TRel⇧*" by fast from this A2 show "(⟦SP⟧, TQ) ∈ TRel⇧*" by simp qed qed lemma (in encoding) full_abstraction_wrt_preorders_impl_indRelSTEQ_to_SRel_and_TRel: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and P Q :: "('procS, 'procT) Proc" assumes fA: "fully_abstract SRel TRel" and transT: "trans TRel" and reflS: "refl SRel" and rel: "P ∼⟦⋅⟧<SRel,TRel> Q" shows "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ (SP, SQ) ∈ SRel" and "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ (⟦SP⟧, ⟦SQ⟧) ∈ TRel" and "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ (⟦SP⟧, TQ) ∈ TRel" and "∀TP SQ. TP ∈T P ∧ SQ ∈S Q ⟶ (TP, ⟦SQ⟧) ∈ TRel" and "∀TP TQ. TP ∈T P ∧ TQ ∈T Q ⟶ (TP, TQ) ∈ TRel" using rel proof induct case (encR S) show "∀SP SQ. SP ∈S SourceTerm S ∧ SQ ∈S TargetTerm (⟦S⟧) ⟶ (SP, SQ) ∈ SRel" and "∀SP SQ. SP ∈S SourceTerm S ∧ SQ ∈S TargetTerm (⟦S⟧) ⟶ (⟦SP⟧, ⟦SQ⟧) ∈ TRel" and "∀TP SQ. TP ∈T SourceTerm S ∧ SQ ∈S TargetTerm (⟦S⟧) ⟶ (TP, ⟦SQ⟧) ∈ TRel" and "∀TP TQ. TP ∈T SourceTerm S ∧ TQ ∈T TargetTerm (⟦S⟧) ⟶ (TP, TQ) ∈ TRel" by simp+ from reflS fA show "∀SP TQ. 
SP ∈S SourceTerm S ∧ TQ ∈T TargetTerm (⟦S⟧) ⟶ (⟦SP⟧, TQ) ∈ TRel" unfolding refl_on_def by simp next case (encL S) show "∀SP SQ. SP ∈S TargetTerm (⟦S⟧) ∧ SQ ∈S SourceTerm S ⟶ (SP, SQ) ∈ SRel" and "∀SP SQ. SP ∈S TargetTerm (⟦S⟧) ∧ SQ ∈S SourceTerm S ⟶ (⟦SP⟧, ⟦SQ⟧) ∈ TRel" and "∀SP TQ. SP ∈S TargetTerm (⟦S⟧) ∧ TQ ∈T SourceTerm S ⟶ (⟦SP⟧, TQ) ∈ TRel" and "∀TP TQ. TP ∈T TargetTerm (⟦S⟧) ∧ TQ ∈T SourceTerm S ⟶ (TP, TQ) ∈ TRel" by simp+ with reflS fA show "∀TP SQ. TP ∈T TargetTerm (⟦S⟧) ∧ SQ ∈S SourceTerm S ⟶ (TP, ⟦SQ⟧) ∈ TRel" unfolding refl_on_def by simp next case (source S1 S2) show "∀SP TQ. SP ∈S SourceTerm S1 ∧ TQ ∈T SourceTerm S2 ⟶ (⟦SP⟧, TQ) ∈ TRel" and "∀TP SQ. TP ∈T SourceTerm S1 ∧ SQ ∈S SourceTerm S2 ⟶ (TP, ⟦SQ⟧) ∈ TRel" and "∀TP TQ. TP ∈T SourceTerm S1 ∧ TQ ∈T SourceTerm S2 ⟶ (TP, TQ) ∈ TRel" by simp+ assume "(S1, S2) ∈ SRel" thus "∀SP SQ. SP ∈S SourceTerm S1 ∧ SQ ∈S SourceTerm S2 ⟶ (SP, SQ) ∈ SRel" by simp with fA show "∀SP SQ. SP ∈S SourceTerm S1 ∧ SQ ∈S SourceTerm S2 ⟶ (⟦SP⟧, ⟦SQ⟧) ∈ TRel" by simp next case (target T1 T2) show "∀SP SQ. SP ∈S TargetTerm T1 ∧ SQ ∈S TargetTerm T2 ⟶ (SP, SQ) ∈ SRel" and "∀SP SQ. SP ∈S TargetTerm T1 ∧ SQ ∈S TargetTerm T2 ⟶ (⟦SP⟧, ⟦SQ⟧) ∈ TRel" and "∀SP TQ. SP ∈S TargetTerm T1 ∧ TQ ∈T TargetTerm T2 ⟶ (⟦SP⟧, TQ) ∈ TRel" and "∀TP SQ. TP ∈T TargetTerm T1 ∧ SQ ∈S TargetTerm T2 ⟶ (TP, ⟦SQ⟧) ∈ TRel" by simp+ assume "(T1, T2) ∈ TRel" thus "∀TP TQ. TP ∈T TargetTerm T1 ∧ TQ ∈T TargetTerm T2 ⟶ (TP, TQ) ∈ TRel" by simp next case (trans P Q R) assume A1: "∀SP SQ. SP ∈S P ∧ SQ ∈S Q ⟶ (⟦SP⟧, ⟦SQ⟧) ∈ TRel" and A2: "∀SP TQ. SP ∈S P ∧ TQ ∈T Q ⟶ (⟦SP⟧, TQ) ∈ TRel" and A3: "∀TP SQ. TP ∈T P ∧ SQ ∈S Q ⟶ (TP, ⟦SQ⟧) ∈ TRel" and A4: "∀TP TQ. TP ∈T P ∧ TQ ∈T Q ⟶ (TP, TQ) ∈ TRel" and A5: "∀SQ SR. SQ ∈S Q ∧ SR ∈S R ⟶ (⟦SQ⟧, ⟦SR⟧) ∈ TRel" and A6: "∀SQ TR. SQ ∈S Q ∧ TR ∈T R ⟶ (⟦SQ⟧, TR) ∈ TRel" and A7: "∀TQ SR. TQ ∈T Q ∧ SR ∈S R ⟶ (TQ, ⟦SR⟧) ∈ TRel" and A8: "∀TQ TR. TQ ∈T Q ∧ TR ∈T R ⟶ (TQ, TR) ∈ TRel" show "∀SP SR. 
SP ∈S P ∧ SR ∈S R ⟶ (⟦SP⟧, ⟦SR⟧) ∈ TRel" proof clarify fix SP SR assume A9: "SP ∈S P" and A10: "SR ∈S R" show "(⟦SP⟧, ⟦SR⟧) ∈ TRel" proof (cases Q) case (SourceTerm SQ) assume A11: "SQ ∈S Q" with A1 A9 have "(⟦SP⟧, ⟦SQ⟧) ∈ TRel" by blast moreover from A5 A10 A11 have "(⟦SQ⟧, ⟦SR⟧) ∈ TRel" by blast ultimately show "(⟦SP⟧, ⟦SR⟧) ∈ TRel" using transT unfolding trans_def by blast next case (TargetTerm TQ) assume A11: "TQ ∈T Q" with A2 A9 have "(⟦SP⟧, TQ) ∈ TRel" by blast moreover from A7 A10 A11 have "(TQ, ⟦SR⟧) ∈ TRel" by blast ultimately show "(⟦SP⟧, ⟦SR⟧) ∈ TRel" using transT unfolding trans_def by blast qed qed with fA show "∀SP SR. SP ∈S P ∧ SR ∈S R ⟶ (SP, SR) ∈ SRel" by simp show "∀SP TR. SP ∈S P ∧ TR ∈T R ⟶ (⟦SP⟧, TR) ∈ TRel" proof clarify fix SP TR assume A9: "SP ∈S P" and A10: "TR ∈T R" show "(⟦SP⟧, TR) ∈ TRel" proof (cases Q) case (SourceTerm SQ) assume A11: "SQ ∈S Q" with A1 A9 have "(⟦SP⟧, ⟦SQ⟧) ∈ TRel" by blast moreover from A6 A10 A11 have "(⟦SQ⟧, TR) ∈ TRel" by blast ultimately show "(⟦SP⟧, TR) ∈ TRel" using transT unfolding trans_def by blast next case (TargetTerm TQ) assume A11: "TQ ∈T Q" with A2 A9 have "(⟦SP⟧, TQ) ∈ TRel" by blast moreover from A8 A10 A11 have "(TQ, TR) ∈ TRel" by blast ultimately show "(⟦SP⟧, TR) ∈ TRel" using transT unfolding trans_def by blast qed qed show "∀TP SR. TP ∈T P ∧ SR ∈S R ⟶ (TP, ⟦SR⟧) ∈ TRel" proof clarify fix TP SR assume A9: "TP ∈T P" and A10: "SR ∈S R" show "(TP, ⟦SR⟧) ∈ TRel" proof (cases Q) case (SourceTerm SQ) assume A11: "SQ ∈S Q" with A3 A9 have "(TP, ⟦SQ⟧) ∈ TRel" by blast moreover from A5 A10 A11 have "(⟦SQ⟧, ⟦SR⟧) ∈ TRel" by blast ultimately show "(TP, ⟦SR⟧) ∈ TRel" using transT unfolding trans_def by blast next case (TargetTerm TQ) assume A11: "TQ ∈T Q" with A4 A9 have "(TP, TQ) ∈ TRel" by blast moreover from A7 A10 A11 have "(TQ, ⟦SR⟧) ∈ TRel" by blast ultimately show "(TP, ⟦SR⟧) ∈ TRel" using transT unfolding trans_def by blast qed qed show "∀TP TR. 
TP ∈T P ∧ TR ∈T R ⟶ (TP, TR) ∈ TRel" proof clarify fix TP TR assume A9: "TP ∈T P" and A10: "TR ∈T R" show "(TP, TR) ∈ TRel" proof (cases Q) case (SourceTerm SQ) assume A11: "SQ ∈S Q" with A3 A9 have "(TP, ⟦SQ⟧) ∈ TRel" by blast moreover from A6 A10 A11 have "(⟦SQ⟧, TR) ∈ TRel" by blast ultimately show "(TP, TR) ∈ TRel" using transT unfolding trans_def by blast next case (TargetTerm TQ) assume A11: "TQ ∈T Q" with A4 A9 have "(TP, TQ) ∈ TRel" by blast moreover from A8 A10 A11 have "(TQ, TR) ∈ TRel" by blast ultimately show "(TP, TR) ∈ TRel" using transT unfolding trans_def by blast qed qed qed text ‹If an encoding is fully abstract w.r.t. a preorder SRel on the source and a trans relation TRel on the target, then there exists a trans relation, namely indRelSTEQ, that relates source terms and their literal translations in both directions such that its reduction to source terms is SRel and its reduction to target terms is TRel.› lemma (in encoding) full_abstraction_wrt_preorders_impl_trans_source_target_relation: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes fullAbs: "fully_abstract SRel TRel" and reflS: "refl SRel" and transT: "trans TRel" shows "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans Rel" proof - have "∀S. SourceTerm S ∼⟦⋅⟧<SRel,TRel> TargetTerm (⟦S⟧) ∧ TargetTerm (⟦S⟧) ∼⟦⋅⟧<SRel,TRel> SourceTerm S" using indRelSTEQ.encR[where SRel="SRel" and TRel="TRel"] indRelSTEQ.encL[where SRel="SRel" and TRel="TRel"] by blast moreover have "SRel = {(S1, S2). 
SourceTerm S1 ∼⟦⋅⟧<SRel,TRel> SourceTerm S2}" proof auto fix S1 S2 assume "(S1, S2) ∈ SRel" thus "SourceTerm S1 ∼⟦⋅⟧<SRel,TRel> SourceTerm S2" by (rule indRelSTEQ.source[where SRel="SRel" and TRel="TRel"]) next fix S1 S2 assume "SourceTerm S1 ∼⟦⋅⟧<SRel,TRel> SourceTerm S2" with fullAbs reflS transT show "(S1, S2) ∈ SRel" using full_abstraction_wrt_preorders_impl_indRelSTEQ_to_SRel_and_TRel(1)[where SRel="SRel" and TRel="TRel"] by blast qed moreover have "TRel = {(T1, T2). TargetTerm T1 ∼⟦⋅⟧<SRel,TRel> TargetTerm T2}" proof auto fix T1 T2 assume "(T1, T2) ∈ TRel" thus "TargetTerm T1 ∼⟦⋅⟧<SRel,TRel> TargetTerm T2" by (rule indRelSTEQ.target[where SRel="SRel" and TRel="TRel"]) next fix T1 T2 assume "TargetTerm T1 ∼⟦⋅⟧<SRel,TRel> TargetTerm T2" with fullAbs reflS transT show "(T1, T2) ∈ TRel" using full_abstraction_wrt_preorders_impl_indRelSTEQ_to_SRel_and_TRel(5)[where SRel="SRel" and TRel="TRel"] by blast qed moreover have "trans (indRelSTEQ SRel TRel)" using indRelSTEQ.trans[where SRel="SRel" and TRel="TRel"] unfolding trans_def by blast ultimately show ?thesis by blast qed text ‹Thus an encoding is fully abstract w.r.t. a preorder SRel on the source and a trans relation TRel on the target iff there exists a trans relation that relates source terms and their literal translations in both directions and whose reduction to source/target terms is SRel/TRel.› theorem (in encoding) fully_abstract_wrt_preorders_iff_source_target_relation_is_trans: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" shows "(fully_abstract SRel TRel ∧ refl SRel ∧ trans TRel) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans Rel)" proof (rule iffI) assume "fully_abstract SRel TRel ∧ refl SRel ∧ trans TRel" thus "∃Rel. (∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans Rel" using full_abstraction_wrt_preorders_impl_trans_source_target_relation[where SRel="SRel" and TRel="TRel"] by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans Rel" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" and A2: "SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel}" and A3: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and A4: "trans Rel" by blast hence "fully_abstract SRel TRel" using trans_source_target_relation_impl_full_abstraction[where Rel="Rel"] by blast moreover have "refl SRel" unfolding refl_on_def proof auto fix S from A1 have "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by blast moreover from A1 have "(TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" by blast ultimately have "(SourceTerm S, SourceTerm S) ∈ Rel" using A4 unfolding trans_def by blast with A2 show "(S, S) ∈ SRel" by blast qed moreover from A3 A4 have "trans TRel" unfolding trans_def by blast ultimately show "fully_abstract SRel TRel ∧ refl SRel ∧ trans TRel" by blast qed subsection ‹Full Abstraction w.r.t. Equivalences› text ‹If there exists a relation Rel that relates source terms and their literal translations and whose sym closure is trans, then the encoding is fully abstract with respect to the reduction of the sym closure of Rel to source/target terms.› lemma (in encoding) source_target_relation_with_trans_symcl_impl_full_abstraction: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes enc: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and trans: "trans (symcl Rel)" shows "fully_abstract {(S1, S2). 
(SourceTerm S1, SourceTerm S2) ∈ symcl Rel} {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ symcl Rel}" proof auto fix S1 S2 from enc have "(TargetTerm (⟦S1⟧), SourceTerm S1) ∈ symcl Rel" by (simp add: symcl_def) moreover assume "(SourceTerm S1, SourceTerm S2) ∈ symcl Rel" moreover from enc have "(SourceTerm S2, TargetTerm (⟦S2⟧)) ∈ symcl Rel" by (simp add: symcl_def) ultimately show "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ symcl Rel" using trans unfolding trans_def by blast next fix S1 S2 from enc have "(SourceTerm S1, TargetTerm (⟦S1⟧)) ∈ symcl Rel" by (simp add: symcl_def) moreover assume "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ symcl Rel" moreover from enc have "(TargetTerm (⟦S2⟧), SourceTerm S2) ∈ symcl Rel" by (simp add: symcl_def) ultimately show "(SourceTerm S1, SourceTerm S2) ∈ symcl Rel" using trans unfolding trans_def by blast qed text ‹If an encoding is fully abstract w.r.t. the equivalences SRel and TRel, then there exists a preorder, namely indRelRSTPO, that relates source terms and their literal translations such that its reduction to source terms is SRel and its reduction to target terms is TRel.› lemma (in encoding) fully_abstract_wrt_equivalences_impl_symcl_source_target_relation_is_preorder: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes fullAbs: "fully_abstract SRel TRel" and reflT: "refl TRel" and symmT: "sym TRel" and transT: "trans TRel" shows "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ symcl Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ symcl Rel} ∧ preorder (symcl Rel)" proof - from fullAbs reflT have reflS: "refl SRel" unfolding refl_on_def by auto from fullAbs symmT have symmS: "sym SRel" unfolding sym_def by auto from fullAbs transT have transS: "trans SRel" unfolding trans_def by blast have "∀S. 
SourceTerm S ≲⟦⋅⟧R<SRel,TRel> TargetTerm (⟦S⟧)" using indRelRSTPO.encR[where SRel="SRel" and TRel="TRel"] by blast moreover have "SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ symcl (indRelRSTPO SRel TRel)}" proof auto fix S1 S2 assume "(S1, S2) ∈ SRel" thus "(SourceTerm S1, SourceTerm S2) ∈ symcl (indRelRSTPO SRel TRel)" by (simp add: symcl_def indRelRSTPO.source[where SRel="SRel" and TRel="TRel"]) next fix S1 S2 assume "(SourceTerm S1, SourceTerm S2) ∈ symcl (indRelRSTPO SRel TRel)" moreover from transS have "SourceTerm S1 ≲⟦⋅⟧R<SRel,TRel> SourceTerm S2 ⟹ (S1, S2) ∈ SRel" using indRelRSTPO_to_SRel_and_TRel(1)[where SRel="SRel" and TRel="TRel"] trancl_id[of SRel] by blast moreover from symmS transS have "SourceTerm S2 ≲⟦⋅⟧R<SRel,TRel> SourceTerm S1 ⟹ (S1, S2) ∈ SRel" using indRelRSTPO_to_SRel_and_TRel(1)[where SRel="SRel" and TRel="TRel"] trancl_id[of SRel] unfolding sym_def by blast ultimately show "(S1, S2) ∈ SRel" by (auto simp add: symcl_def) qed moreover have "TRel = {(T1, T2). 
(TargetTerm T1, TargetTerm T2) ∈ symcl (indRelRSTPO SRel TRel)}" proof auto fix T1 T2 assume "(T1, T2) ∈ TRel" thus "(TargetTerm T1, TargetTerm T2) ∈ symcl (indRelRSTPO SRel TRel)" by (simp add: symcl_def indRelRSTPO.target[where SRel="SRel" and TRel="TRel"]) next fix T1 T2 assume "(TargetTerm T1, TargetTerm T2) ∈ symcl (indRelRSTPO SRel TRel)" moreover from transT have "TargetTerm T1 ≲⟦⋅⟧R<SRel,TRel> TargetTerm T2 ⟹ (T1, T2) ∈ TRel" using indRelRSTPO_to_SRel_and_TRel(4)[where SRel="SRel" and TRel="TRel"] trancl_id[of TRel] by blast moreover from symmT transT have "TargetTerm T2 ≲⟦⋅⟧R<SRel,TRel> TargetTerm T1 ⟹ (T1, T2) ∈ TRel" using indRelRSTPO_to_SRel_and_TRel(4)[where SRel="SRel" and TRel="TRel"] trancl_id[of TRel] unfolding sym_def by blast ultimately show "(T1, T2) ∈ TRel" by (auto simp add: symcl_def) qed moreover have "refl (symcl (indRelRSTPO SRel TRel))" unfolding refl_on_def proof auto fix P show "(P, P) ∈ symcl (indRelRSTPO SRel TRel)" proof (cases P) case (SourceTerm SP) assume "SP ∈S P" with reflS show "(P, P) ∈ symcl (indRelRSTPO SRel TRel)" unfolding refl_on_def by (simp add: symcl_def indRelRSTPO.source) next case (TargetTerm TP) assume "TP ∈T P" with reflT show "(P, P) ∈ symcl (indRelRSTPO SRel TRel)" unfolding refl_on_def by (simp add: symcl_def indRelRSTPO.target) qed qed moreover have "trans (symcl (indRelRSTPO SRel TRel))" proof - have "∀P Q R. 
P ≲⟦⋅⟧R<SRel,TRel> Q ∧ R ≲⟦⋅⟧R<SRel,TRel> Q ∧ (P, R) ∉ (indRelRSTPO SRel TRel) ⟶ Q ≲⟦⋅⟧R<SRel,TRel> P ∨ Q ≲⟦⋅⟧R<SRel,TRel> R" proof clarify fix P Q R assume A1: "P ≲⟦⋅⟧R<SRel,TRel> Q" and A2: "R ≲⟦⋅⟧R<SRel,TRel> Q" and A3: "(P, R) ∉ (indRelRSTPO SRel TRel)" and A4: "(Q, R) ∉ (indRelRSTPO SRel TRel)" show "Q ≲⟦⋅⟧R<SRel,TRel> P" proof (cases P) case (SourceTerm SP) assume A5: "SP ∈S P" show "Q ≲⟦⋅⟧R<SRel,TRel> P" proof (cases Q) case (SourceTerm SQ) assume A6: "SQ ∈S Q" with transS A1 A5 have "(SP, SQ) ∈ SRel" using indRelRSTPO_to_SRel_and_TRel(1)[where SRel="SRel" and TRel="TRel"] trancl_id[of SRel] by blast with symmS A5 A6 show "Q ≲⟦⋅⟧R<SRel,TRel> P" unfolding sym_def by (simp add: indRelRSTPO.source) next case (TargetTerm TQ) assume A6: "TQ ∈T Q" show "Q ≲⟦⋅⟧R<SRel,TRel> P" proof (cases R) case (SourceTerm SR) assume A7: "SR ∈S R" with fullAbs A2 A6 have "(⟦SR⟧, TQ) ∈ TRel⇧*" using full_abstraction_impl_indRelRSTPO_to_SRel_and_TRel(2)[where SRel="SRel" and TRel="TRel"] trancl_id[of "TRel⇧="] reflcl_of_refl_rel[of TRel] trancl_reflcl[of TRel] unfolding trans_def by blast with transT reflT have "(⟦SR⟧, TQ) ∈ TRel" using trancl_id[of "TRel⇧="] reflcl_of_refl_rel[of TRel] trancl_reflcl[of TRel] by auto with symmT have "(TQ, ⟦SR⟧) ∈ TRel" unfolding sym_def by simp moreover from fullAbs A1 A5 A6 have "(⟦SP⟧, TQ) ∈ TRel⇧*" using full_abstraction_impl_indRelRSTPO_to_SRel_and_TRel(2)[where SRel="SRel" and TRel="TRel"] unfolding trans_def by blast with transT reflT have "(⟦SP⟧, TQ) ∈ TRel" using trancl_id[of "TRel⇧="] reflcl_of_refl_rel[of TRel] trancl_reflcl[of TRel] by auto ultimately have "(⟦SP⟧, ⟦SR⟧) ∈ TRel" using transT unfolding trans_def by blast with fullAbs have "(SP, SR) ∈ SRel" by simp with A3 A5 A7 show ?thesis by (simp add: indRelRSTPO.source) next case (TargetTerm TR) assume A7: "TR ∈T R" with transT A2 A6 have "(TR, TQ) ∈ TRel" using indRelRSTPO_to_SRel_and_TRel(4)[where SRel="SRel" and TRel="TRel"] trancl_id[of "TRel"] by blast with symmT have "(TQ, TR) ∈ 
TRel" unfolding sym_def by simp with A4 A6 A7 show ?thesis by (simp add: indRelRSTPO.target) qed qed next case (TargetTerm TP) assume A5: "TP ∈T P" show "Q ≲⟦⋅⟧R<SRel,TRel> P" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A1 A5 show ?thesis using indRelRSTPO_to_SRel_and_TRel(3)[where SRel="SRel" and TRel="TRel"] by blast next case (TargetTerm TQ) assume A6: "TQ ∈T Q" with transT A1 A5 have "(TP, TQ) ∈ TRel" using indRelRSTPO_to_SRel_and_TRel(4)[where SRel="SRel" and TRel="TRel"] trancl_id[of "TRel"] by blast with symmT have "(TQ, TP) ∈ TRel" unfolding sym_def by simp with A5 A6 show "Q ≲⟦⋅⟧R<SRel,TRel> P" by (simp add: indRelRSTPO.target) qed qed qed moreover have "∀P Q R. P ≲⟦⋅⟧R<SRel,TRel> Q ∧ P ≲⟦⋅⟧R<SRel,TRel> R ∧ (Q, R) ∉ (indRelRSTPO SRel TRel) ⟶ Q ≲⟦⋅⟧R<SRel,TRel> P ∨ R ≲⟦⋅⟧R<SRel,TRel> P" proof clarify fix P Q R assume A1: "P ≲⟦⋅⟧R<SRel,TRel> Q" and A2: "P ≲⟦⋅⟧R<SRel,TRel> R" and A3: "(Q, R) ∉ (indRelRSTPO SRel TRel)" and A4: "(R, P) ∉ (indRelRSTPO SRel TRel)" show "Q ≲⟦⋅⟧R<SRel,TRel> P" proof (cases P) case (SourceTerm SP) assume A5: "SP ∈S P" show "Q ≲⟦⋅⟧R<SRel,TRel> P" proof (cases Q) case (SourceTerm SQ) assume A6: "SQ ∈S Q" with transS A1 A5 have "(SP, SQ) ∈ SRel" using indRelRSTPO_to_SRel_and_TRel(1)[where SRel="SRel" and TRel="TRel"] trancl_id[of "SRel"] by blast with symmS A5 A6 show "Q ≲⟦⋅⟧R<SRel,TRel> P" unfolding sym_def by (simp add: indRelRSTPO.source) next case (TargetTerm TQ) assume A6: "TQ ∈T Q" show "Q ≲⟦⋅⟧R<SRel,TRel> P" proof (cases R) case (SourceTerm SR) assume A7: "SR ∈S R" with transS A2 A5 have "(SP, SR) ∈ SRel" using indRelRSTPO_to_SRel_and_TRel(1)[where SRel="SRel" and TRel="TRel"] trancl_id[of "SRel"] by blast with symmS have "(SR, SP) ∈ SRel" unfolding sym_def by simp with A4 A5 A7 show ?thesis by (simp add: indRelRSTPO.source) next case (TargetTerm TR) from fullAbs A1 A5 A6 have "(⟦SP⟧, TQ) ∈ TRel⇧*" using full_abstraction_impl_indRelRSTPO_to_SRel_and_TRel(2)[where SRel="SRel" and TRel="TRel"] unfolding trans_def by 
blast with transT reflT have "(⟦SP⟧, TQ) ∈ TRel" using trancl_id[of "TRel⇧="] reflcl_of_refl_rel[of TRel] trancl_reflcl[of TRel] by auto with symmT have "(TQ, ⟦SP⟧) ∈ TRel" unfolding sym_def by simp moreover assume A7: "TR ∈T R" with fullAbs A2 A5 have "(⟦SP⟧, TR) ∈ TRel⇧*" using full_abstraction_impl_indRelRSTPO_to_SRel_and_TRel(2)[where SRel="SRel" and TRel="TRel"] unfolding trans_def by blast with transT reflT have "(⟦SP⟧, TR) ∈ TRel" using trancl_id[of "TRel⇧="] reflcl_of_refl_rel[of TRel] trancl_reflcl[of TRel] by auto ultimately have "(TQ, TR) ∈ TRel" using transT unfolding trans_def by blast with A3 A6 A7 show ?thesis by (simp add: indRelRSTPO.target) qed qed next case (TargetTerm TP) assume A5: "TP ∈T P" show "Q ≲⟦⋅⟧R<SRel,TRel> P" proof (cases Q) case (SourceTerm SQ) assume "SQ ∈S Q" with A1 A5 show ?thesis using indRelRSTPO_to_SRel_and_TRel(3)[where SRel="SRel" and TRel="TRel"] by blast next case (TargetTerm TQ) assume A6: "TQ ∈T Q" with transT A1 A5 have "(TP, TQ) ∈ TRel" using indRelRSTPO_to_SRel_and_TRel(4)[where SRel="SRel" and TRel="TRel"] trancl_id[of "TRel"] by blast with symmT have "(TQ, TP) ∈ TRel" unfolding sym_def by simp with A5 A6 show "Q ≲⟦⋅⟧R<SRel,TRel> P" by (simp add: indRelRSTPO.target) qed qed qed moreover from reflS reflT have "refl (indRelRSTPO SRel TRel)" using indRelRSTPO_refl[where SRel="SRel" and TRel="TRel"] by blast moreover have "trans (indRelRSTPO SRel TRel)" using indRelRSTPO.trans[where SRel="SRel" and TRel="TRel"] unfolding trans_def by blast ultimately show "trans (symcl (indRelRSTPO SRel TRel))" using symm_closure_of_preorder_is_trans[where Rel="indRelRSTPO SRel TRel"] by blast qed ultimately show ?thesis unfolding preorder_on_def by blast qed lemma (in encoding) fully_abstract_impl_symcl_source_target_relation_is_preorder: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes fullAbs: "fully_abstract ((symcl (SRel⇧=))⇧+) ((symcl (TRel⇧=))⇧+)" shows "∃Rel. (∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ ((symcl (SRel⇧=))⇧+) = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ symcl Rel} ∧ ((symcl (TRel⇧=))⇧+) = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ symcl Rel} ∧ preorder (symcl Rel)" proof - have "refl ((symcl (TRel⇧=))⇧+)" using refl_symm_trans_closure_is_symm_refl_trans_closure[of TRel] refl_rtrancl[of TRel] unfolding sym_def refl_on_def by auto moreover have "sym ((symcl (TRel⇧=))⇧+)" using sym_symcl[of "TRel⇧="] sym_trancl[of "symcl (TRel⇧=)"] by simp moreover have "trans ((symcl (TRel⇧=))⇧+)" by simp ultimately show ?thesis using fully_abstract_wrt_equivalences_impl_symcl_source_target_relation_is_preorder[where SRel="(symcl (SRel⇧=))⇧+" and TRel="(symcl (TRel⇧=))⇧+"] fullAbs refl_symm_closure_is_symm_refl_closure unfolding preorder_on_def by blast qed lemma (in encoding) fully_abstract_wrt_preorders_impl_source_target_relation_is_trans: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes fullAbs: "fully_abstract SRel TRel" shows "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ ((refl SRel ∧ trans TRel) ⟷ trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q}))" proof - define Rel where "Rel = (indRelSTEQ SRel TRel) - ({(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} ∪ {(P, Q). ∃S1 S2. S1 ∈S P ∧ S2 ∈S Q ∧ (S1, S2) ∉ SRel} ∪ {(P, Q). ∃T1 T2. T1 ∈T P ∧ T2 ∈T Q ∧ (T1, T2) ∉ TRel})" from Rel_def have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by (simp add: indRelSTEQ.encR[where SRel="SRel" and TRel="TRel"]) moreover from Rel_def have "SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel}" proof auto fix S1 S2 assume "(S1, S2) ∈ SRel" thus "SourceTerm S1 ∼⟦⋅⟧<SRel,TRel> SourceTerm S2" by (simp add: indRelSTEQ.source[where SRel="SRel" and TRel="TRel"]) qed moreover from Rel_def have "TRel = {(T1, T2). 
(TargetTerm T1, TargetTerm T2) ∈ Rel}" proof auto fix T1 T2 assume "(T1, T2) ∈ TRel" thus "TargetTerm T1 ∼⟦⋅⟧<SRel,TRel> TargetTerm T2" by (simp add: indRelSTEQ.target[where SRel="SRel" and TRel="TRel"]) qed moreover have "(refl SRel ∧ trans TRel) ⟷ trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q})" proof (rule iffI, erule conjE) assume reflS: "refl SRel" and transT: "trans TRel" have "Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} = indRelSTEQ SRel TRel" proof (auto simp add: Rel_def) fix S show "TargetTerm (⟦S⟧) ∼⟦⋅⟧<SRel,TRel> SourceTerm S" by (rule indRelSTEQ.encL) next fix S1 S2 assume "SourceTerm S1 ∼⟦⋅⟧<SRel,TRel> SourceTerm S2" with fullAbs reflS transT have "(S1, S2) ∈ SRel" using full_abstraction_wrt_preorders_impl_indRelSTEQ_to_SRel_and_TRel(1)[where SRel="SRel" and TRel="TRel"] by blast moreover assume "(S1, S2) ∉ SRel" ultimately show False by simp next fix T1 T2 assume "TargetTerm T1 ∼⟦⋅⟧<SRel,TRel> TargetTerm T2" with fullAbs reflS transT have "(T1, T2) ∈ TRel" using full_abstraction_wrt_preorders_impl_indRelSTEQ_to_SRel_and_TRel(5)[where SRel="SRel" and TRel="TRel"] by blast moreover assume "(T1, T2) ∉ TRel" ultimately show False by simp qed thus "trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q})" using indRelSTEQ_trans[where SRel="SRel" and TRel="TRel"] unfolding trans_def by blast next assume transR: "trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q})" show "refl SRel ∧ trans TRel" unfolding trans_def refl_on_def proof auto fix S from Rel_def have "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q}" by (simp add: indRelSTEQ.encR) moreover have "(TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q}" by simp ultimately have "(SourceTerm S, SourceTerm S) ∈ Rel" using transR unfolding trans_def by blast with Rel_def show "(S, S) ∈ SRel" by simp next fix TP TQ TR assume "(TP, TQ) ∈ TRel" with Rel_def have "(TargetTerm TP, TargetTerm TQ) ∈ Rel ∪ {(P, Q). ∃S. 
⟦S⟧ ∈T P ∧ S ∈S Q}" by (simp add: indRelSTEQ.target) moreover assume "(TQ, TR) ∈ TRel" with Rel_def have "(TargetTerm TQ, TargetTerm TR) ∈ Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q}" by (simp add: indRelSTEQ.target) ultimately have "(TargetTerm TP, TargetTerm TR) ∈ Rel" using transR unfolding trans_def by blast with Rel_def show "(TP, TR) ∈ TRel" by simp qed qed ultimately show ?thesis by blast qed lemma (in encoding) fully_abstract_wrt_preorders_impl_source_target_relation_is_trans_B: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes fullAbs: "fully_abstract SRel TRel" and reflT: "refl TRel" and transT: "trans TRel" shows "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q})" proof - define Rel where "Rel = (indRelSTEQ SRel TRel) - {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q}" from fullAbs reflT have reflS: "refl SRel" unfolding refl_on_def by auto from Rel_def have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by (simp add: indRelSTEQ.encR[where SRel="SRel" and TRel="TRel"]) moreover from Rel_def have "SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel}" proof auto fix S1 S2 assume "(S1, S2) ∈ SRel" thus "SourceTerm S1 ∼⟦⋅⟧<SRel,TRel> SourceTerm S2" by (simp add: indRelSTEQ.source[where SRel="SRel" and TRel="TRel"]) next fix S1 S2 assume "SourceTerm S1 ∼⟦⋅⟧<SRel,TRel> SourceTerm S2" with fullAbs transT reflS show "(S1, S2) ∈ SRel" using full_abstraction_wrt_preorders_impl_indRelSTEQ_to_SRel_and_TRel(1)[where SRel="SRel" and TRel="TRel"] by blast qed moreover from Rel_def have "TRel = {(T1, T2). 
(TargetTerm T1, TargetTerm T2) ∈ Rel}" proof auto fix T1 T2 assume "(T1, T2) ∈ TRel" thus "TargetTerm T1 ∼⟦⋅⟧<SRel,TRel> TargetTerm T2" by (simp add: indRelSTEQ.target[where SRel="SRel" and TRel="TRel"]) next fix T1 T2 assume "TargetTerm T1 ∼⟦⋅⟧<SRel,TRel> TargetTerm T2" with fullAbs transT reflS show "(T1, T2) ∈ TRel" using full_abstraction_wrt_preorders_impl_indRelSTEQ_to_SRel_and_TRel(5)[where SRel="SRel" and TRel="TRel"] by blast qed moreover from Rel_def have "Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} = indRelSTEQ SRel TRel" by (auto simp add: indRelSTEQ.encL) hence "trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q})" using indRelSTEQ.trans[where SRel="SRel" and TRel="TRel"] unfolding trans_def by auto ultimately show ?thesis by blast qed text ‹Thus an encoding is fully abstract w.r.t. an equivalence SRel on the source and an equivalence TRel on the target iff there exists a relation that relates source terms and their literal translations, whose sym closure is a preorder such that the reduction of this sym closure to source/target terms is SRel/TRel.› lemma (in encoding) fully_abstract_wrt_equivalences_iff_symcl_source_target_relation_is_preorder: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" shows "(fully_abstract SRel TRel ∧ equivalence TRel) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ symcl Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ symcl Rel} ∧ preorder (symcl Rel))" proof (rule iffI) assume "fully_abstract SRel TRel ∧ equivalence TRel" thus "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ symcl Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ symcl Rel} ∧ preorder (symcl Rel)" using fully_abstract_wrt_equivalences_impl_symcl_source_target_relation_is_preorder[where SRel="SRel" and TRel="TRel"] unfolding equiv_def by blast next assume "∃Rel. (∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ symcl Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ symcl Rel} ∧ preorder (symcl Rel)" from this obtain Rel where "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and "SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ symcl Rel}" and A1: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ symcl Rel}" and A2: "preorder (symcl Rel)" by blast hence A5: "fully_abstract SRel TRel" using source_target_relation_with_trans_symcl_impl_full_abstraction[where Rel="Rel"] unfolding preorder_on_def by blast moreover have "equivalence TRel" unfolding trans_def equiv_def sym_def refl_on_def proof auto fix T from A1 A2 show "(T, T) ∈ TRel" unfolding preorder_on_def refl_on_def by blast next fix T1 T2 assume "(T1, T2) ∈ TRel" with A1 show "(T2, T1) ∈ TRel" by (auto simp add: symcl_def) next fix T1 T2 T3 assume "(T1, T2) ∈ TRel" and "(T2, T3) ∈ TRel" with A1 A2 show "(T1, T3) ∈ TRel" unfolding trans_def preorder_on_def by blast qed ultimately show "fully_abstract SRel TRel ∧ equivalence TRel" by blast qed lemma (in encoding) fully_abstract_iff_symcl_source_target_relation_is_preorder: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" shows "fully_abstract ((symcl (SRel⇧=))⇧+) ((symcl (TRel⇧=))⇧+) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (symcl (SRel⇧=))⇧+ = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ symcl Rel} ∧ (symcl (TRel⇧=))⇧+ = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ symcl Rel} ∧ preorder (symcl Rel))" proof (rule iffI) assume "fully_abstract ((symcl (SRel⇧=))⇧+) ((symcl (TRel⇧=))⇧+)" thus "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (symcl (SRel⇧=))⇧+ = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ symcl Rel} ∧ (symcl (TRel⇧=))⇧+ = {(T1, T2). 
(TargetTerm T1, TargetTerm T2) ∈ symcl Rel} ∧ preorder (symcl Rel)" using fully_abstract_impl_symcl_source_target_relation_is_preorder[where SRel="SRel" and TRel="TRel"] by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (symcl (SRel⇧=))⇧+ = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ symcl Rel} ∧ (symcl (TRel⇧=))⇧+ = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ symcl Rel} ∧ preorder (symcl Rel)" from this obtain Rel where "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and "(symcl (SRel⇧=))⇧+ = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ symcl Rel}" and A1: "(symcl (TRel⇧=))⇧+ = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ symcl Rel}" and A2: "preorder (symcl Rel)" by blast thus "fully_abstract ((symcl (SRel⇧=))⇧+) ((symcl (TRel⇧=))⇧+)" using source_target_relation_with_trans_symcl_impl_full_abstraction[where Rel="Rel"] unfolding preorder_on_def by blast qed subsection ‹Full Abstraction without Relating Translations to their Source Terms› text ‹Let Rel be the result of removing from indRelSTEQ all pairs of two source or two target terms that are not contained in SRel or TRel. Then a fully abstract encoding ensures that Rel is trans iff SRel is refl and TRel is trans.› lemma (in encoding) full_abstraction_impl_indRelSTEQ_is_trans: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" and Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes fullAbs: "fully_abstract SRel TRel" and rel: "Rel = ((indRelSTEQ SRel TRel) - {(P, Q). (P ∈ ProcS ∧ Q ∈ ProcS) ∨ (P ∈ ProcT ∧ Q ∈ ProcT)}) ∪ {(P, Q). (∃SP SQ. SP ∈S P ∧ SQ ∈S Q ∧ (SP, SQ) ∈ SRel) ∨ (∃TP TQ. TP ∈T P ∧ TQ ∈T Q ∧ (TP, TQ) ∈ TRel)}" shows "(refl SRel ∧ trans TRel) = trans Rel" unfolding trans_def proof auto fix P Q R assume A1: "refl SRel" and A2: "∀x y. (x, y) ∈ TRel ⟶ (∀z. (y, z) ∈ TRel ⟶ (x, z) ∈ TRel)" and A3: "(P, Q) ∈ Rel" and A4: "(Q, R) ∈ Rel" from fullAbs rel have A5: "∀SP SQ. 
(SourceTerm SP, SourceTerm SQ) ∈ Rel ⟶ (⟦SP⟧, ⟦SQ⟧) ∈ TRel" by simp from rel have A6: "∀TP TQ. (TargetTerm TP, TargetTerm TQ) ∈ Rel ⟶ (TP, TQ) ∈ TRel" by simp have A7: "∀SP TQ. (SourceTerm SP, TargetTerm TQ) ∈ Rel ⟶ (⟦SP⟧, TQ) ∈ TRel" proof clarify fix SP TQ assume "(SourceTerm SP, TargetTerm TQ) ∈ Rel" with rel have "SourceTerm SP ∼⟦⋅⟧<SRel,TRel> TargetTerm TQ" by simp with A1 A2 fullAbs show "(⟦SP⟧, TQ) ∈ TRel" using full_abstraction_wrt_preorders_impl_indRelSTEQ_to_SRel_and_TRel(3)[where SRel="SRel" and TRel="TRel"] unfolding trans_def by blast qed have A8: "∀TP SQ. (TargetTerm TP, SourceTerm SQ) ∈ Rel ⟶ (TP, ⟦SQ⟧) ∈ TRel" proof clarify fix TP SQ assume "(TargetTerm TP, SourceTerm SQ) ∈ Rel" with rel have "TargetTerm TP ∼⟦⋅⟧<SRel,TRel> SourceTerm SQ" by simp with A1 A2 fullAbs show "(TP, ⟦SQ⟧) ∈ TRel" using full_abstraction_wrt_preorders_impl_indRelSTEQ_to_SRel_and_TRel(4)[where SRel="SRel" and TRel="TRel"] unfolding trans_def by blast qed show "(P, R) ∈ Rel" proof (cases P) case (SourceTerm SP) assume A9: "SP ∈S P" show "(P, R) ∈ Rel" proof (cases Q) case (SourceTerm SQ) assume A10: "SQ ∈S Q" with A3 A5 A9 have A11: "(⟦SP⟧, ⟦SQ⟧) ∈ TRel" by simp show "(P, R) ∈ Rel" proof (cases R) case (SourceTerm SR) assume A12: "SR ∈S R" with A4 A5 A10 have "(⟦SQ⟧, ⟦SR⟧) ∈ TRel" by simp with A2 A11 have "(⟦SP⟧, ⟦SR⟧) ∈ TRel" by blast with fullAbs have "(SP, SR) ∈ SRel" by simp with rel A9 A12 show "(P, R) ∈ Rel" by simp next case (TargetTerm TR) assume A12: "TR ∈T R" from A9 have "P ∼⟦⋅⟧<SRel,TRel> TargetTerm (⟦SP⟧)" by (simp add: indRelSTEQ.encR) moreover from A4 A7 A10 A12 have "(⟦SQ⟧, TR) ∈ TRel" by simp with A2 A11 have "(⟦SP⟧, TR) ∈ TRel" by blast with A12 have "TargetTerm (⟦SP⟧) ∼⟦⋅⟧<SRel,TRel> R" by (simp add: indRelSTEQ.target) ultimately have "P ∼⟦⋅⟧<SRel, TRel> R" by (rule indRelSTEQ.trans) with rel A9 A12 show "(P, R) ∈ Rel" by simp qed next case (TargetTerm TQ) assume A10: "TQ ∈T Q" with A3 A7 A9 have A11: "(⟦SP⟧, TQ) ∈ TRel" by simp show "(P, R) ∈ Rel" proof 
(cases R) case (SourceTerm SR) assume A12: "SR ∈S R" with A4 A8 A10 have "(TQ, ⟦SR⟧) ∈ TRel" by simp with A2 A11 have "(⟦SP⟧, ⟦SR⟧) ∈ TRel" by blast with fullAbs have "(SP, SR) ∈ SRel" by simp with rel A9 A12 show "(P, R) ∈ Rel" by simp next case (TargetTerm TR) assume A12: "TR ∈T R" from A9 have "P ∼⟦⋅⟧<SRel,TRel> TargetTerm (⟦SP⟧)" by (simp add: indRelSTEQ.encR) moreover from A4 A6 A10 A12 have "(TQ, TR) ∈ TRel" by simp with A2 A11 have "(⟦SP⟧, TR) ∈ TRel" by blast with A12 have "TargetTerm (⟦SP⟧) ∼⟦⋅⟧<SRel,TRel> R" by (simp add: indRelSTEQ.target) ultimately have "P ∼⟦⋅⟧<SRel,TRel> R" by (rule indRelSTEQ.trans) with A9 A12 rel show "(P, R) ∈ Rel" by simp qed qed next case (TargetTerm TP) assume A9: "TP ∈T P" show "(P, R) ∈ Rel" proof (cases Q) case (SourceTerm SQ) assume A10: "SQ ∈S Q" with A3 A8 A9 have A11: "(TP, ⟦SQ⟧) ∈ TRel" by simp show "(P, R) ∈ Rel" proof (cases R) case (SourceTerm SR) assume A12: "SR ∈S R" with A4 A5 A10 have "(⟦SQ⟧, ⟦SR⟧) ∈ TRel" by simp with A2 A11 have "(TP, ⟦SR⟧) ∈ TRel" by blast with A9 have "P ∼⟦⋅⟧<SRel,TRel> TargetTerm (⟦SR⟧)" by (simp add: indRelSTEQ.target) moreover from A12 have "TargetTerm (⟦SR⟧) ∼⟦⋅⟧<SRel,TRel> R" by (simp add: indRelSTEQ.encL) ultimately have "P ∼⟦⋅⟧<SRel,TRel> R" by (rule indRelSTEQ.trans) with rel A9 A12 show "(P, R) ∈ Rel" by simp next case (TargetTerm TR) assume A12: "TR ∈T R" with A4 A7 A10 have "(⟦SQ⟧, TR) ∈ TRel" by simp with A2 A11 have "(TP, TR) ∈ TRel" by blast with rel A9 A12 show "(P, R) ∈ Rel" by simp qed next case (TargetTerm TQ) assume A10: "TQ ∈T Q" with A3 A6 A9 have A11: "(TP, TQ) ∈ TRel" by simp show "(P, R) ∈ Rel" proof (cases R) case (SourceTerm SR) assume A12: "SR ∈S R" with A4 A8 A10 have "(TQ, ⟦SR⟧) ∈ TRel" by simp with A2 A11 have "(TP, ⟦SR⟧) ∈ TRel" by blast with A9 have "P ∼⟦⋅⟧<SRel,TRel> TargetTerm (⟦SR⟧)" by (simp add: indRelSTEQ.target) moreover from A12 have "TargetTerm (⟦SR⟧) ∼⟦⋅⟧<SRel,TRel> R" by (simp add: indRelSTEQ.encL) ultimately have "P ∼⟦⋅⟧<SRel,TRel> R" by (rule 
indRelSTEQ.trans) with rel A9 A12 show "(P, R) ∈ Rel" by simp next case (TargetTerm TR) assume A12: "TR ∈T R" with A4 A6 A10 have "(TQ, TR) ∈ TRel" by simp with A2 A11 have "(TP, TR) ∈ TRel" by blast with A9 A12 rel show "(P, R) ∈ Rel" by simp qed qed qed next assume B: "∀x y. (x, y) ∈ Rel ⟶ (∀z. (y, z) ∈ Rel ⟶ (x, z) ∈ Rel)" thus "refl SRel" unfolding refl_on_def proof auto fix S from rel have "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by (simp add: indRelSTEQ.encR) moreover from rel have "(TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" by (simp add: indRelSTEQ.encL) ultimately have "(SourceTerm S, SourceTerm S) ∈ Rel" using B by blast with rel show "(S, S) ∈ SRel" by simp qed next fix TP TQ TR assume "∀x y. (x, y) ∈ Rel ⟶ (∀z. (y, z) ∈ Rel ⟶ (x, z) ∈ Rel)" moreover assume "(TP, TQ) ∈ TRel" with rel have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "(TQ, TR) ∈ TRel" with rel have "(TargetTerm TQ, TargetTerm TR) ∈ Rel" by simp ultimately have "(TargetTerm TP, TargetTerm TR) ∈ Rel" by blast with rel show "(TP, TR) ∈ TRel" by simp qed text ‹Whenever an encoding induces a trans relation that includes SRel and TRel and relates source terms to their literal translations in both directions, the encoding is fully abstract w.r.t. SRel and TRel.› lemma (in encoding) trans_source_target_relation_impl_fully_abstract: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" and SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes enc: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel" and srel: "SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel}" and trel: "TRel = {(T1, T2). 
(TargetTerm T1, TargetTerm T2) ∈ Rel}" and trans: "trans Rel" shows "fully_abstract SRel TRel" proof auto fix S1 S2 assume "(S1, S2) ∈ SRel" with srel have "(SourceTerm S1, SourceTerm S2) ∈ Rel" by simp with enc trans have "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel" unfolding trans_def by blast with trel show "(⟦S1⟧, ⟦S2⟧) ∈ TRel" by simp next fix S1 S2 assume "(⟦S1⟧, ⟦S2⟧) ∈ TRel" with trel have "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel" by simp with enc trans have "(SourceTerm S1, SourceTerm S2) ∈ Rel" unfolding trans_def by blast with srel show "(S1, S2) ∈ SRel" by simp qed text ‹Assume TRel is a preorder. Then an encoding is fully abstract w.r.t. SRel and TRel iff there exists a relation that relates at least all source terms to their literal translations, includes SRel and TRel, and whose union with the relation that relates exactly all literal translations to their source terms is trans.› lemma (in encoding) source_target_relation_with_trans_impl_full_abstraction: fixes Rel :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set" assumes enc: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and trans: "trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q})" shows "fully_abstract {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" proof auto fix S1 S2 define Rel' where "Rel' = Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q}" from Rel'_def have "(TargetTerm (⟦S1⟧), SourceTerm S1) ∈ Rel'" by simp moreover assume "(SourceTerm S1, SourceTerm S2) ∈ Rel" with Rel'_def have "(SourceTerm S1, SourceTerm S2) ∈ Rel'" by simp moreover from enc Rel'_def have "(SourceTerm S2, TargetTerm (⟦S2⟧)) ∈ Rel'" by simp ultimately show "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel" using trans Rel'_def unfolding trans_def by blast next fix S1 S2 define Rel' where "Rel' = Rel ∪ {(P, Q). ∃S. 
⟦S⟧ ∈T P ∧ S ∈S Q}" from enc Rel'_def have "(SourceTerm S1, TargetTerm (⟦S1⟧)) ∈ Rel'" by simp moreover assume "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel" with Rel'_def have "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel'" by simp moreover from Rel'_def have "(TargetTerm (⟦S2⟧), SourceTerm S2) ∈ Rel'" by simp ultimately show "(SourceTerm S1, SourceTerm S2) ∈ Rel" using trans Rel'_def unfolding trans_def by blast qed lemma (in encoding) fully_abstract_wrt_preorders_iff_source_target_relation_is_transB: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" assumes preord: "preorder TRel" shows "fully_abstract SRel TRel = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q}))" proof (rule iffI) assume "fully_abstract SRel TRel" with preord show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q})" using fully_abstract_wrt_preorders_impl_source_target_relation_is_trans[where SRel="SRel" and TRel="TRel"] unfolding preorder_on_def refl_on_def by auto next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q})" from this obtain Rel where "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and "SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel}" and "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and "trans (Rel ∪ {(P, Q). ∃S. 
⟦S⟧ ∈T P ∧ S ∈S Q})" by blast thus "fully_abstract SRel TRel" using source_target_relation_with_trans_impl_full_abstraction[where Rel="Rel"] by blast qed text ‹The same holds if, to obtain transitivity, the union may contain additional pairs that relate neither two source nor two target terms.› lemma (in encoding) fully_abstract_wrt_preorders_iff_source_target_relation_union_is_trans: fixes SRel :: "('procS × 'procS) set" and TRel :: "('procT × 'procT) set" shows "(fully_abstract SRel TRel ∧ refl SRel ∧ trans TRel) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∃Rel'. (∀(P, Q) ∈ Rel'. P ∈ ProcS ⟷ Q ∈ ProcT) ∧ trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} ∪ Rel')))" proof (rule iffI, (erule conjE)+) assume "fully_abstract SRel TRel" and "refl SRel" and "trans TRel" from this obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel}" and A3: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and A4: "trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q})" using fully_abstract_wrt_preorders_impl_source_target_relation_is_trans[where SRel="SRel" and TRel="TRel"] by blast have "∀(P, Q) ∈ {}. P ∈ ProcS ⟷ Q ∈ ProcT" by simp moreover from A4 have "trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} ∪ {})" unfolding trans_def by blast ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∃Rel'. (∀(P, Q) ∈ Rel'. P ∈ ProcS ⟷ Q ∈ ProcT) ∧ trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} ∪ Rel'))" using A1 A2 A3 by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∃Rel'. (∀(P, Q) ∈ Rel'. 
P ∈ ProcS ⟷ Q ∈ ProcT) ∧ trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} ∪ Rel'))" from this obtain Rel Rel' where B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and B2: "SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel}" and B3: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and B4: "∀(P, Q) ∈ Rel'. P ∈ ProcS ⟷ Q ∈ ProcT" and B5: "trans (Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} ∪ Rel')" by blast have "fully_abstract SRel TRel" proof auto fix S1 S2 have "(TargetTerm (⟦S1⟧), SourceTerm S1) ∈ Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} ∪ Rel'" by simp moreover assume "(S1, S2) ∈ SRel" with B2 have "(SourceTerm S1, SourceTerm S2) ∈ Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} ∪ Rel'" by simp moreover from B1 have "(SourceTerm S2, TargetTerm (⟦S2⟧)) ∈ Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} ∪ Rel'" by simp ultimately have "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel ∪ Rel'" using B5 unfolding trans_def by blast with B3 B4 show "(⟦S1⟧, ⟦S2⟧) ∈ TRel" by blast next fix S1 S2 from B1 have "(SourceTerm S1, TargetTerm (⟦S1⟧)) ∈ Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} ∪ Rel'" by simp moreover assume "(⟦S1⟧, ⟦S2⟧) ∈ TRel" with B3 have "(TargetTerm (⟦S1⟧), TargetTerm (⟦S2⟧)) ∈ Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} ∪ Rel'" by simp moreover have "(TargetTerm (⟦S2⟧), SourceTerm S2) ∈ Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} ∪ Rel'" by simp ultimately have "(SourceTerm S1, SourceTerm S2) ∈ Rel ∪ Rel'" using B5 unfolding trans_def by blast with B2 B4 show "(S1, S2) ∈ SRel" by blast qed moreover have "refl SRel" unfolding refl_on_def proof auto fix S from B1 have "(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} ∪ Rel'" by simp moreover have "(TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel ∪ {(P, Q). ∃S. 
⟦S⟧ ∈T P ∧ S ∈S Q} ∪ Rel'" by simp ultimately have "(SourceTerm S, SourceTerm S) ∈ Rel ∪ Rel'" using B5 unfolding trans_def by blast with B2 B4 show "(S, S) ∈ SRel" by blast qed moreover have "trans TRel" unfolding trans_def proof clarify fix TP TQ TR assume "(TP, TQ) ∈ TRel" and "(TQ, TR) ∈ TRel" with B3 B4 B5 show "(TP, TR) ∈ TRel" unfolding trans_def by blast qed ultimately show "fully_abstract SRel TRel ∧ refl SRel ∧ trans TRel" by blast qed end
Theory CombinedCriteria
theory CombinedCriteria imports DivergenceReflection SuccessSensitiveness FullAbstraction OperationalCorrespondence begin section ‹Combining Criteria› text ‹So far we considered the effect of single criteria on encodings. Often the quality of an encoding is prescribed by a set of different criteria. In the following we analyse the combined effect of criteria. This way we can compare criteria as well as identify side effects that result from combinations of criteria. We start with some technical lemmata. To combine the effect of different criteria we combine the conditions they induce. If their effect can be described by a predicate on the pairs of the relation, as in the case of success sensitiveness or divergence reflection, combining the effects is simple.› lemma (in encoding) criterion_iff_source_target_relation_impl_indRelR: fixes Cond :: "('procS ⇒ 'procT) ⇒ bool" and Pred :: "(('procS, 'procT) Proc × ('procS, 'procT) Proc) set ⇒ bool" assumes "Cond enc = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ Pred Rel)" shows "Cond enc = (∃Rel'. Pred (indRelR ∪ Rel'))" proof (rule iffI) assume "Cond enc" with assms obtain Rel where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and A2: "Pred Rel" by blast from A1 have "Rel = indRelR ∪ (Rel - indRelR)" by (auto simp add: indRelR.simps) with A2 have "Pred (indRelR ∪ (Rel - indRelR))" by simp thus "∃Rel'. Pred (indRelR ∪ Rel')" by blast next assume "∃Rel'. Pred (indRelR ∪ Rel')" from this obtain Rel' where "Pred (indRelR ∪ Rel')" by blast moreover have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ (indRelR ∪ Rel')" by (simp add: indRelR.encR) ultimately show "Cond enc" using assms by blast qed lemma (in encoding) combine_conditions_on_pairs_of_relations: fixes RelA RelB :: "(('procS, 'procT) Proc ×('procS, 'procT) Proc) set" and CondA CondB :: "(('procS, 'procT) Proc ×('procS, 'procT) Proc) ⇒ bool" assumes "∀(P, Q) ∈ RelA. CondA (P, Q)" and "∀(P, Q) ∈ RelB. CondB (P, Q)" shows "(∀(P, Q) ∈ RelA ∩ RelB. 
CondA (P, Q)) ∧ (∀(P, Q) ∈ RelA ∩ RelB. CondB (P, Q))" using assms by blast lemma (in encoding) combine_conditions_on_sets_of_relations: fixes Rel RelA :: "(('procS, 'procT) Proc ×('procS, 'procT) Proc) set" and Cond :: "(('procS, 'procT) Proc ×('procS, 'procT) Proc) set ⇒ bool" and CondA :: "(('procS, 'procT) Proc ×('procS, 'procT) Proc) ⇒ bool" assumes "∀(P, Q) ∈ RelA. CondA (P, Q)" and "Cond Rel ∧ Rel ⊆ RelA" shows "Cond Rel ∧ (∀(P, Q) ∈ Rel. CondA (P, Q))" using assms by blast lemma (in encoding) combine_conditions_on_sets_and_pairs_of_relations: fixes Rel RelA RelB :: "(('procS, 'procT) Proc ×('procS, 'procT) Proc) set" and Cond :: "(('procS, 'procT) Proc ×('procS, 'procT) Proc) set ⇒ bool" and CondA CondB :: "(('procS, 'procT) Proc ×('procS, 'procT) Proc) ⇒ bool" assumes "∀(P, Q) ∈ RelA. CondA (P, Q)" and "∀(P, Q) ∈ RelB. CondB (P, Q)" and "Cond Rel ∧ Rel ⊆ RelA ∧ Rel ⊆ RelB" shows "Cond Rel ∧ (∀(P, Q) ∈ Rel. CondA (P, Q)) ∧ (∀(P, Q) ∈ Rel. CondB (P, Q))" using assms by blast text ‹We mapped several criteria on conditions on relations that relate at least all source terms and their literal translations. The following lemmata help us to combine such conditions by switching to the witness indRelR.› lemma (in encoding) combine_conditions_on_relations_indRelR: fixes RelA RelB :: "(('procS, 'procT) Proc ×('procS, 'procT) Proc) set" and Cond :: "(('procS, 'procT) Proc ×('procS, 'procT) Proc) set ⇒ bool" and CondA CondB :: "(('procS, 'procT) Proc ×('procS, 'procT) Proc) ⇒ bool" assumes A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ RelA" and A2: "∀(P, Q) ∈ RelA. CondA (P, Q)" and A3: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ RelB" and A4: "∀(P, Q) ∈ RelB. CondB (P, Q)" shows "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀(P, Q) ∈ Rel. CondA (P, Q)) ∧ (∀(P, Q) ∈ Rel. CondB (P, Q))" and "Cond indRelR ⟹ (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀(P, Q) ∈ Rel. CondA (P, Q)) ∧ (∀(P, Q) ∈ Rel. CondB (P, Q)) ∧ Cond Rel)" proof - have A5: "∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ indRelR" by (simp add: indRelR.encR) moreover have A6: "indRelR ⊆ RelA" proof clarify fix P Q assume "(P, Q) ∈ indRelR" from this A1 show "(P, Q) ∈ RelA" by (induct, simp) qed moreover have A7: "indRelR ⊆ RelB" proof clarify fix P Q assume "(P, Q) ∈ indRelR" from this A3 show "(P, Q) ∈ RelB" by (induct, simp) qed ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀(P, Q) ∈ Rel. CondA (P, Q)) ∧ (∀(P, Q) ∈ Rel. CondB (P, Q))" using combine_conditions_on_sets_and_pairs_of_relations[where RelA="RelA" and RelB="RelB" and CondA="CondA" and CondB="CondB" and Rel="indRelR" and Cond="λR. ∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ R"] A2 A4 by blast from A2 A4 A5 A6 A7 show "Cond indRelR ⟹ (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀(P, Q) ∈ Rel. CondA (P, Q)) ∧ (∀(P, Q) ∈ Rel. CondB (P, Q)) ∧ Cond Rel)" using combine_conditions_on_sets_and_pairs_of_relations[where RelA="RelA" and RelB="RelB" and CondA="CondA" and CondB="CondB" and Rel="indRelR" and Cond="λR. ∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ R ∧ Cond R"] by blast qed lemma (in encoding) indRelR_cond_respects_predA_and_reflects_predB: fixes PredA PredB :: "('procS, 'procT) Proc ⇒ bool" shows "((∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_pred Rel PredA) ∧ (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_reflects_pred Rel PredB)) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_pred Rel PredA ∧ rel_reflects_pred Rel PredB)" proof (rule iffI, erule conjE) assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_pred Rel PredA" from this obtain RelA where A1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ RelA" and A2: "rel_respects_pred RelA PredA" by blast assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_reflects_pred Rel PredB" from this obtain RelB where A3: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ RelB" and A4: "rel_reflects_pred RelB PredB" by blast from A2 have "∀(P, Q) ∈ RelA. 
PredA P ⟷ PredA Q" by blast moreover from A4 have "∀(P, Q) ∈ RelB. PredB Q ⟶ PredB P" by blast ultimately have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀(P, Q)∈Rel. PredA P = PredA Q) ∧ (∀(P, Q)∈Rel. PredB Q ⟶ PredB P)" using combine_conditions_on_relations_indRelR(1)[where RelA="RelA" and RelB="RelB" and CondA="λ(P, Q). PredA P ⟷ PredA Q" and CondB="λ(P, Q). PredB Q ⟶ PredB P"] A1 A3 by simp thus "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_pred Rel PredA ∧ rel_reflects_pred Rel PredB" by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_pred Rel PredA ∧ rel_reflects_pred Rel PredB" thus "(∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_pred Rel PredA) ∧ (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_reflects_pred Rel PredB)" by blast qed subsection ‹Divergence Reflection and Success Sensitiveness› text ‹We combine results on divergence reflection and success sensitiveness to analyse their combined effect on an encoding function. An encoding is success sensitive and reflects divergence iff there exists a relation that relates source terms and their literal translations that reflects divergence and respects success.› lemma (in encoding_wrt_barbs) WSS_DR_iff_source_target_rel: fixes success :: "'barbs" shows "(enc_weakly_respects_barb_set {success} ∧ enc_reflects_divergence) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target))" proof - have "∀Rel. rel_reflects_divergence Rel (STCal Source Target) = rel_reflects_pred Rel divergentST" by (simp add: divergentST_STCal_divergent) moreover have "∀Rel. (rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success} = rel_respects_pred Rel (λP. P⇓.success))" by (simp add: STCalWB_reachesBarbST) ultimately show "(enc_weakly_respects_barb_set {success} ∧ enc_reflects_divergence) = (∃Rel. (∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target))" using success_sensitive_iff_source_target_rel_weakly_respects_success(1) divergence_reflection_iff_source_target_rel_reflects_divergence indRelR_cond_respects_predA_and_reflects_predB[where PredA="λP. P⇓.success" and PredB="divergentST"] by simp qed lemma (in encoding_wrt_barbs) SS_DR_iff_source_target_rel: fixes success :: "'barbs" shows "(enc_respects_barb_set {success} ∧ enc_reflects_divergence) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target))" proof - have "∀Rel. rel_reflects_divergence Rel (STCal Source Target) = rel_reflects_pred Rel divergentST" by (simp add: divergentST_STCal_divergent) moreover have "∀Rel. (rel_respects_barb_set Rel (STCalWB SWB TWB) {success} = rel_respects_pred Rel (λP. P↓.success))" by (simp add: STCalWB_hasBarbST) ultimately show "(enc_respects_barb_set {success} ∧ enc_reflects_divergence) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target))" using success_sensitive_iff_source_target_rel_respects_success(1) divergence_reflection_iff_source_target_rel_reflects_divergence indRelR_cond_respects_predA_and_reflects_predB[where PredA="λP. P↓.success" and PredB="divergentST"] by simp qed subsection ‹Adding Operational Correspondence› text ‹The effect of operational correspondence includes conditions (TRel is included, transitivity) that require a witness like indRelRTPO. In order to combine operational correspondence with success sensitiveness, we show that if the encoding and TRel (weakly) respect barbs then indRelRTPO (weakly) respects barbs. 
Since success is only a specific kind of barbs, the same holds for success sensitiveness.› lemma (in encoding_wrt_barbs) enc_and_TRel_impl_indRelRTPO_weakly_respects_success: fixes success :: "'barbs" and TRel :: "('procT × 'procT) set" assumes encRS: "enc_weakly_respects_barb_set {success}" and trelPS: "rel_weakly_preserves_barb_set TRel TWB {success}" and trelRS: "rel_weakly_reflects_barb_set TRel TWB {success}" shows "rel_weakly_respects_barb_set (indRelRTPO TRel) (STCalWB SWB TWB) {success}" proof auto fix P Q P' assume "P ≲⟦⋅⟧RT<TRel> Q" and "P ⟼(Calculus (STCalWB SWB TWB))* P'" and "P'↓<STCalWB SWB TWB>success" thus "Q⇓<STCalWB SWB TWB>success" proof (induct arbitrary: P') case (encR S) assume "SourceTerm S ⟼(Calculus (STCalWB SWB TWB))* P'" and "P'↓<STCalWB SWB TWB>success" hence "S⇓<SWB>success" using STCalWB_reachesBarbST by blast with encRS have "⟦S⟧⇓<TWB>success" by simp thus "TargetTerm (⟦S⟧)⇓<STCalWB SWB TWB>success" using STCalWB_reachesBarbST by blast next case (source S) assume "SourceTerm S ⟼(Calculus (STCalWB SWB TWB))* P'" and "P'↓<STCalWB SWB TWB>success" thus "SourceTerm S⇓<STCalWB SWB TWB>success" by blast next case (target T1 T2) assume "(T1, T2) ∈ TRel" moreover assume "TargetTerm T1 ⟼(Calculus (STCalWB SWB TWB))* P'" and "P'↓<STCalWB SWB TWB>success" hence "T1⇓<TWB>success" using STCalWB_reachesBarbST by blast ultimately have "T2⇓<TWB>success" using trelPS by simp thus "TargetTerm T2⇓<STCalWB SWB TWB>success" using STCalWB_reachesBarbST by blast next case (trans P Q R) assume "P ⟼(Calculus (STCalWB SWB TWB))* P'" and "P'↓<STCalWB SWB TWB>success" and "⋀P'. P ⟼(Calculus (STCalWB SWB TWB))* P' ⟹ P'↓<STCalWB SWB TWB>success ⟹ Q⇓<STCalWB SWB TWB>success" hence "Q⇓<STCalWB SWB TWB>success" by simp moreover assume "⋀Q'. 
Q ⟼(Calculus (STCalWB SWB TWB))* Q' ⟹ Q'↓<STCalWB SWB TWB>success ⟹ R⇓<STCalWB SWB TWB>success" ultimately show "R⇓<STCalWB SWB TWB>success" by blast qed next fix P Q Q' assume "P ≲⟦⋅⟧RT<TRel> Q" and "Q ⟼(Calculus (STCalWB SWB TWB))* Q'" and "Q'↓<STCalWB SWB TWB>success" thus "P⇓<STCalWB SWB TWB>success" proof (induct arbitrary: Q') case (encR S) assume "TargetTerm (⟦S⟧) ⟼(Calculus (STCalWB SWB TWB))* Q'" and "Q'↓<STCalWB SWB TWB>success" hence "⟦S⟧⇓<TWB>success" using STCalWB_reachesBarbST by blast with encRS have "S⇓<SWB>success" by simp thus "SourceTerm S⇓<STCalWB SWB TWB>success" using STCalWB_reachesBarbST by blast next case (source S) assume "SourceTerm S ⟼(Calculus (STCalWB SWB TWB))* Q'" and "Q'↓<STCalWB SWB TWB>success" thus "SourceTerm S⇓<STCalWB SWB TWB>success" by blast next case (target T1 T2) assume "(T1, T2) ∈ TRel" moreover assume "TargetTerm T2 ⟼(Calculus (STCalWB SWB TWB))* Q'" and "Q'↓<STCalWB SWB TWB>success" hence "T2⇓<TWB>success" using STCalWB_reachesBarbST by blast ultimately have "T1⇓<TWB>success" using trelRS by blast thus "TargetTerm T1⇓<STCalWB SWB TWB>success" using STCalWB_reachesBarbST by blast next case (trans P Q R R') assume "R ⟼(Calculus (STCalWB SWB TWB))* R'" and "R'↓<STCalWB SWB TWB>success" and "⋀R'. R ⟼(Calculus (STCalWB SWB TWB))* R' ⟹ R'↓<STCalWB SWB TWB>success ⟹ Q⇓<STCalWB SWB TWB>success" hence "Q⇓<STCalWB SWB TWB>success" by simp moreover assume "⋀Q'. 
Q ⟼(Calculus (STCalWB SWB TWB))* Q' ⟹ Q'↓<STCalWB SWB TWB>success ⟹ P⇓<STCalWB SWB TWB>success" ultimately show "P⇓<STCalWB SWB TWB>success" by blast qed qed lemma (in encoding_wrt_barbs) enc_and_TRel_impl_indRelRTPO_weakly_respects_barbs: fixes TRel :: "('procT × 'procT) set" assumes encRS: "enc_weakly_respects_barbs" and trelPS: "rel_weakly_preserves_barbs TRel TWB" and trelRS: "rel_weakly_reflects_barbs TRel TWB" shows "rel_weakly_respects_barbs (indRelRTPO TRel) (STCalWB SWB TWB)" proof auto fix P Q x P' assume "P ≲⟦⋅⟧RT<TRel> Q" and "P ⟼(Calculus (STCalWB SWB TWB))* P'" and "P'↓<STCalWB SWB TWB>x" thus "Q⇓<STCalWB SWB TWB>x" proof (induct arbitrary: P') case (encR S) assume "SourceTerm S ⟼(Calculus (STCalWB SWB TWB))* P'" and "P'↓<STCalWB SWB TWB>x" hence "S⇓<SWB>x" using STCalWB_reachesBarbST by blast with encRS have "⟦S⟧⇓<TWB>x" by simp thus "TargetTerm (⟦S⟧)⇓<STCalWB SWB TWB>x" using STCalWB_reachesBarbST by blast next case (source S) assume "SourceTerm S ⟼(Calculus (STCalWB SWB TWB))* P'" and "P'↓<STCalWB SWB TWB>x" thus "SourceTerm S⇓<STCalWB SWB TWB>x" by blast next case (target T1 T2) assume "(T1, T2) ∈ TRel" moreover assume "TargetTerm T1 ⟼(Calculus (STCalWB SWB TWB))* P'" and "P'↓<STCalWB SWB TWB>x" hence "T1⇓<TWB>x" using STCalWB_reachesBarbST by blast ultimately have "T2⇓<TWB>x" using trelPS by simp thus "TargetTerm T2⇓<STCalWB SWB TWB>x" using STCalWB_reachesBarbST by blast next case (trans P Q R) assume "P ⟼(Calculus (STCalWB SWB TWB))* P'" and "P'↓<STCalWB SWB TWB>x" and "⋀P'. P ⟼(Calculus (STCalWB SWB TWB))* P' ⟹ P'↓<STCalWB SWB TWB>x ⟹ Q⇓<STCalWB SWB TWB>x" hence "Q⇓<STCalWB SWB TWB>x" by simp moreover assume "⋀Q'. 
Q ⟼(Calculus (STCalWB SWB TWB))* Q' ⟹ Q'↓<STCalWB SWB TWB>x ⟹ R⇓<STCalWB SWB TWB>x" ultimately show "R⇓<STCalWB SWB TWB>x" by blast qed next fix P Q x Q' assume "P ≲⟦⋅⟧RT<TRel> Q" and "Q ⟼(Calculus (STCalWB SWB TWB))* Q'" and "Q'↓<STCalWB SWB TWB>x" thus "P⇓<STCalWB SWB TWB>x" proof (induct arbitrary: Q') case (encR S) assume "TargetTerm (⟦S⟧) ⟼(Calculus (STCalWB SWB TWB))* Q'" and "Q'↓<STCalWB SWB TWB>x" hence "⟦S⟧⇓<TWB>x" using STCalWB_reachesBarbST by blast with encRS have "S⇓<SWB>x" by simp thus "SourceTerm S⇓<STCalWB SWB TWB>x" using STCalWB_reachesBarbST by blast next case (source S) assume "SourceTerm S ⟼(Calculus (STCalWB SWB TWB))* Q'" and "Q'↓<STCalWB SWB TWB>x" thus "SourceTerm S⇓<STCalWB SWB TWB>x" by blast next case (target T1 T2) assume "(T1, T2) ∈ TRel" moreover assume "TargetTerm T2 ⟼(Calculus (STCalWB SWB TWB))* Q'" and "Q'↓<STCalWB SWB TWB>x" hence "T2⇓<TWB>x" using STCalWB_reachesBarbST by blast ultimately have "T1⇓<TWB>x" using trelRS by blast thus "TargetTerm T1⇓<STCalWB SWB TWB>x" using STCalWB_reachesBarbST by blast next case (trans P Q R R') assume "R ⟼(Calculus (STCalWB SWB TWB))* R'" and "R'↓<STCalWB SWB TWB>x" and "⋀R'. R ⟼(Calculus (STCalWB SWB TWB))* R' ⟹ R'↓<STCalWB SWB TWB>x ⟹ Q⇓<STCalWB SWB TWB>x" hence "Q⇓<STCalWB SWB TWB>x" by simp moreover assume "⋀Q'. 
Q ⟼(Calculus (STCalWB SWB TWB))* Q' ⟹ Q'↓<STCalWB SWB TWB>x ⟹ P⇓<STCalWB SWB TWB>x" ultimately show "P⇓<STCalWB SWB TWB>x" by blast qed qed lemma (in encoding_wrt_barbs) enc_and_TRel_impl_indRelRTPO_respects_success: fixes success :: "'barbs" and TRel :: "('procT × 'procT) set" assumes encRS: "enc_respects_barb_set {success}" and trelPS: "rel_preserves_barb_set TRel TWB {success}" and trelRS: "rel_reflects_barb_set TRel TWB {success}" shows "rel_respects_barb_set (indRelRTPO TRel) (STCalWB SWB TWB) {success}" proof auto fix P Q assume "P ≲⟦⋅⟧RT<TRel> Q" and "P↓<STCalWB SWB TWB>success" thus "Q↓<STCalWB SWB TWB>success" proof induct case (encR S) assume "SourceTerm S↓<STCalWB SWB TWB>success" hence "S↓<SWB>success" using STCalWB_hasBarbST by blast with encRS have "⟦S⟧↓<TWB>success" by simp thus "TargetTerm (⟦S⟧)↓<STCalWB SWB TWB>success" using STCalWB_hasBarbST by blast next case (source S) assume "SourceTerm S↓<STCalWB SWB TWB>success" thus "SourceTerm S↓<STCalWB SWB TWB>success" by simp next case (target T1 T2) assume "(T1, T2) ∈ TRel" moreover assume "TargetTerm T1↓<STCalWB SWB TWB>success" hence "T1↓<TWB>success" using STCalWB_hasBarbST by blast ultimately have "T2↓<TWB>success" using trelPS by simp thus "TargetTerm T2↓<STCalWB SWB TWB>success" using STCalWB_hasBarbST by blast next case (trans P Q R) assume "P↓<STCalWB SWB TWB>success" and "P↓<STCalWB SWB TWB>success ⟹ Q↓<STCalWB SWB TWB>success" and "Q↓<STCalWB SWB TWB>success ⟹ R↓<STCalWB SWB TWB>success" thus "R↓<STCalWB SWB TWB>success" by simp qed next fix P Q assume "P ≲⟦⋅⟧RT<TRel> Q" and "Q↓<STCalWB SWB TWB>success" thus "P↓<STCalWB SWB TWB>success" proof induct case (encR S) assume "TargetTerm (⟦S⟧)↓<STCalWB SWB TWB>success" hence "⟦S⟧↓<TWB>success" using STCalWB_hasBarbST by blast with encRS have "S↓<SWB>success" by simp thus "SourceTerm S↓<STCalWB SWB TWB>success" using STCalWB_hasBarbST by blast next case (source S) assume "SourceTerm S↓<STCalWB SWB TWB>success" thus "SourceTerm S↓<STCalWB SWB 
TWB>success" by simp next case (target T1 T2) assume "(T1, T2) ∈ TRel" moreover assume "TargetTerm T2↓<STCalWB SWB TWB>success" hence "T2↓<TWB>success" using STCalWB_hasBarbST by blast ultimately have "T1↓<TWB>success" using trelRS by blast thus "TargetTerm T1↓<STCalWB SWB TWB>success" using STCalWB_hasBarbST by blast next case (trans P Q R) assume "R↓<STCalWB SWB TWB>success" and "R↓<STCalWB SWB TWB>success ⟹ Q↓<STCalWB SWB TWB>success" and "Q↓<STCalWB SWB TWB>success ⟹ P↓<STCalWB SWB TWB>success" thus "P↓<STCalWB SWB TWB>success" by simp qed qed lemma (in encoding_wrt_barbs) enc_and_TRel_impl_indRelRTPO_respects_barbs: fixes TRel :: "('procT × 'procT) set" assumes encRS: "enc_respects_barbs" and trelPS: "rel_preserves_barbs TRel TWB" and trelRS: "rel_reflects_barbs TRel TWB" shows "rel_respects_barbs (indRelRTPO TRel) (STCalWB SWB TWB)" proof auto fix P Q x assume "P ≲⟦⋅⟧RT<TRel> Q" and "P↓<STCalWB SWB TWB>x" thus "Q↓<STCalWB SWB TWB>x" proof induct case (encR S) assume "SourceTerm S↓<STCalWB SWB TWB>x" hence "S↓<SWB>x" using STCalWB_hasBarbST by blast with encRS have "⟦S⟧↓<TWB>x" by simp thus "TargetTerm (⟦S⟧)↓<STCalWB SWB TWB>x" using STCalWB_hasBarbST by blast next case (source S) assume "SourceTerm S↓<STCalWB SWB TWB>x" thus "SourceTerm S↓<STCalWB SWB TWB>x" by simp next case (target T1 T2) assume "(T1, T2) ∈ TRel" moreover assume "TargetTerm T1↓<STCalWB SWB TWB>x" hence "T1↓<TWB>x" using STCalWB_hasBarbST by blast ultimately have "T2↓<TWB>x" using trelPS by simp thus "TargetTerm T2↓<STCalWB SWB TWB>x" using STCalWB_hasBarbST by blast next case (trans P Q R) assume "P↓<STCalWB SWB TWB>x" and "P↓<STCalWB SWB TWB>x ⟹ Q↓<STCalWB SWB TWB>x" and "Q↓<STCalWB SWB TWB>x ⟹ R↓<STCalWB SWB TWB>x" thus "R↓<STCalWB SWB TWB>x" by simp qed next fix P Q x assume "P ≲⟦⋅⟧RT<TRel> Q" and "Q↓<STCalWB SWB TWB>x" thus "P↓<STCalWB SWB TWB>x" proof induct case (encR S) assume "TargetTerm (⟦S⟧)↓<STCalWB SWB TWB>x" hence "⟦S⟧↓<TWB>x" using STCalWB_hasBarbST by blast with encRS have 
"S↓<SWB>x" by simp thus "SourceTerm S↓<STCalWB SWB TWB>x" using STCalWB_hasBarbST by blast next case (source S) assume "SourceTerm S↓<STCalWB SWB TWB>x" thus "SourceTerm S↓<STCalWB SWB TWB>x" by simp next case (target T1 T2) assume "(T1, T2) ∈ TRel" moreover assume "TargetTerm T2↓<STCalWB SWB TWB>x" hence "T2↓<TWB>x" using STCalWB_hasBarbST by blast ultimately have "T1↓<TWB>x" using trelRS by blast thus "TargetTerm T1↓<STCalWB SWB TWB>x" using STCalWB_hasBarbST by blast next case (trans P Q R) assume "R↓<STCalWB SWB TWB>x" and "R↓<STCalWB SWB TWB>x ⟹ Q↓<STCalWB SWB TWB>x" and "Q↓<STCalWB SWB TWB>x ⟹ P↓<STCalWB SWB TWB>x" thus "P↓<STCalWB SWB TWB>x" by simp qed qed text ‹An encoding is success sensitive and operational corresponding w.r.t. a bisimulation TRel that respects success iff there exists a bisimulation that includes TRel and respects success. The same holds if we consider not only success sensitiveness but barb sensitiveness in general.› lemma (in encoding_wrt_barbs) OC_SS_iff_source_target_rel: fixes success :: "'barbs" and TRel :: "('procT × 'procT) set" shows "(operational_corresponding (TRel⇧*) ∧ weak_reduction_bisimulation (TRel⇧+) Target ∧ enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barb_set TRel TWB {success}) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success})" proof (rule iffI, (erule conjE)+) assume A1: "rel_weakly_preserves_barb_set TRel TWB {success}" and A2: "rel_weakly_reflects_barb_set TRel TWB {success}" and A3: "enc_weakly_preserves_barb_set {success}" and A4: "enc_weakly_reflects_barb_set {success}" define Rel where "Rel = indRelRTPO TRel" hence B1: "∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by (simp add: indRelRTPO.encR) from Rel_def have B2: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" by (simp add: indRelRTPO.target) from Rel_def have B3: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" by (simp add: indRelRTPO_to_TRel(4)[where TRel="TRel"]) from Rel_def have B4: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by simp assume "operational_complete (TRel⇧*)" and "operational_sound (TRel⇧*)" and "weak_reduction_simulation (TRel⇧+) Target" and "∀P Q Q'. (P, Q) ∈ TRel⇧+ ∧ Q ⟼Target* Q' ⟶ (∃P'. P ⟼Target* P' ∧ (P', Q') ∈ TRel⇧+)" with Rel_def have B5: "weak_reduction_bisimulation Rel (STCal Source Target)" using OC_iff_indRelRTPO_is_weak_reduction_bisimulation[where TRel="TRel"] by simp from Rel_def A1 A2 A3 A4 have B6: "rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" using enc_and_TRel_impl_indRelRTPO_weakly_respects_success[where TRel="TRel" and success="success"] by blast show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" apply (rule exI) using B1 B2 B3 B4 B5 B6 by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" from this obtain Rel where C1: "∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and C2: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and C3: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" and C4: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" and C5: "weak_reduction_bisimulation Rel (STCal Source Target)" and C6: "rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" by auto from C1 C2 C3 C4 C5 have "∃Rel.(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target)" by blast hence "operational_corresponding (TRel⇧*) ∧ weak_reduction_bisimulation (TRel⇧+) Target" using OC_iff_weak_reduction_bisimulation[where TRel="TRel"] by auto moreover have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" apply (rule exI) using C1 C6 by blast hence "enc_weakly_respects_barb_set {success}" using success_sensitive_iff_source_target_rel_weakly_respects_success by auto moreover have "rel_weakly_respects_barb_set TRel TWB {success}" proof auto fix TP TQ TP' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TP ⟼(Calculus TWB)* TP'" and "TP'↓<TWB>success" hence "TargetTerm TP⇓<STCalWB SWB TWB>success" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TQ⇓<STCalWB SWB TWB>success" using C6 by blast thus "TQ⇓<TWB>success" using STCalWB_reachesBarbST by blast next fix TP TQ TQ' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TQ ⟼(Calculus TWB)* TQ'" and "TQ'↓<TWB>success" hence "TargetTerm TQ⇓<STCalWB SWB TWB>success" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TP⇓<STCalWB SWB TWB>success" using C6 by blast thus 
"TP⇓<TWB>success" using STCalWB_reachesBarbST by blast qed ultimately show "operational_corresponding (TRel⇧*) ∧ weak_reduction_bisimulation (TRel⇧+) Target ∧ enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barb_set TRel TWB {success}" by fast qed lemma (in encoding_wrt_barbs) OC_SS_RB_iff_source_target_rel: fixes success :: "'barbs" and TRel :: "('procT × 'procT) set" shows "(operational_corresponding (TRel⇧*) ∧ weak_reduction_bisimulation (TRel⇧+) Target ∧ enc_weakly_respects_barbs ∧ enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barbs TRel TWB ∧ rel_weakly_respects_barb_set TRel TWB {success}) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ rel_weakly_respects_barbs Rel (STCalWB SWB TWB) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success})" proof (rule iffI, (erule conjE)+) assume A1: "rel_weakly_preserves_barb_set TRel TWB {success}" and A2: "rel_weakly_reflects_barb_set TRel TWB {success}" and A3: "enc_weakly_preserves_barb_set {success}" and A4: "enc_weakly_reflects_barb_set {success}" and A5: "rel_weakly_preserves_barbs TRel TWB" and A6: "rel_weakly_reflects_barbs TRel TWB" and A7: "enc_weakly_preserves_barbs" and A8: "enc_weakly_reflects_barbs" define Rel where "Rel = indRelRTPO TRel" hence B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by (simp add: indRelRTPO.encR) from Rel_def have B2: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" by (simp add: indRelRTPO.target) from Rel_def have B3: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" by (simp add: indRelRTPO_to_TRel(4)[where TRel="TRel"]) from Rel_def have B4: "∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by simp assume "operational_complete (TRel⇧*)" and "operational_sound (TRel⇧*)" and "weak_reduction_simulation (TRel⇧+) Target" and "∀P Q Q'. (P, Q) ∈ TRel⇧+ ∧ Q ⟼Target* Q' ⟶ (∃P'. P ⟼Target* P' ∧ (P', Q') ∈ TRel⇧+)" with Rel_def have B5: "weak_reduction_bisimulation Rel (STCal Source Target)" using OC_iff_indRelRTPO_is_weak_reduction_bisimulation[where TRel="TRel"] by simp from Rel_def A1 A2 A3 A4 have B6: "rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" using enc_and_TRel_impl_indRelRTPO_weakly_respects_success[where TRel="TRel" and success="success"] by blast from Rel_def A5 A6 A7 A8 have B7: "rel_weakly_respects_barbs Rel (STCalWB SWB TWB)" using enc_and_TRel_impl_indRelRTPO_weakly_respects_barbs[where TRel="TRel"] by blast show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ rel_weakly_respects_barbs Rel (STCalWB SWB TWB) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" apply (rule exI) using B1 B2 B3 B4 B5 B6 B7 by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ rel_weakly_respects_barbs Rel (STCalWB SWB TWB) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" from this obtain Rel where C: "(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. 
(TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ rel_weakly_respects_barbs Rel (STCalWB SWB TWB) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" by auto hence C1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by simp from C have C2: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" by simp from C have C3: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" by simp from C have C4: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" by simp from C have C5: "weak_reduction_bisimulation Rel (STCal Source Target)" by simp from C have C7: "rel_weakly_respects_barbs Rel (STCalWB SWB TWB)" apply (rule conjE) apply (erule conjE)+ by blast from C have C6: "rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" apply (rule conjE) apply (erule conjE)+ by blast from C1 C2 C3 C4 C5 have "∃Rel.(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target)" by blast hence "operational_corresponding (TRel⇧*) ∧ weak_reduction_bisimulation (TRel⇧+) Target" using OC_iff_weak_reduction_bisimulation[where TRel="TRel"] by auto moreover have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" apply (rule exI) using C1 C6 by blast hence "enc_weakly_respects_barb_set {success}" using success_sensitive_iff_source_target_rel_weakly_respects_success by auto moreover have "∃Rel. (∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_weakly_respects_barbs Rel (STCalWB SWB TWB)" apply (rule exI) using C1 C7 by blast hence "enc_weakly_respects_barbs" using enc_weakly_respects_barbs_iff_source_target_rel by auto moreover have "rel_weakly_respects_barb_set TRel TWB {success}" proof auto fix TP TQ TP' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TP ⟼(Calculus TWB)* TP'" and "TP'↓<TWB>success" hence "TargetTerm TP⇓<STCalWB SWB TWB>success" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TQ⇓<STCalWB SWB TWB>success" using C6 by blast thus "TQ⇓<TWB>success" using STCalWB_reachesBarbST by blast next fix TP TQ TQ' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TQ ⟼(Calculus TWB)* TQ'" and "TQ'↓<TWB>success" hence "TargetTerm TQ⇓<STCalWB SWB TWB>success" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TP⇓<STCalWB SWB TWB>success" using C6 by blast thus "TP⇓<TWB>success" using STCalWB_reachesBarbST by blast qed moreover have "rel_weakly_respects_barbs TRel TWB" proof auto fix TP TQ x TP' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TP ⟼(Calculus TWB)* TP'" and "TP'↓<TWB>x" hence "TargetTerm TP⇓<STCalWB SWB TWB>x" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TQ⇓<STCalWB SWB TWB>x" using C7 by blast thus "TQ⇓<TWB>x" using STCalWB_reachesBarbST by blast next fix TP TQ x TQ' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TQ ⟼(Calculus TWB)* TQ'" and "TQ'↓<TWB>x" hence "TargetTerm TQ⇓<STCalWB SWB TWB>x" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TP⇓<STCalWB SWB TWB>x" using C7 by blast thus "TP⇓<TWB>x" using STCalWB_reachesBarbST by blast qed ultimately show "operational_corresponding (TRel⇧*) ∧ weak_reduction_bisimulation (TRel⇧+) Target ∧ enc_weakly_respects_barbs ∧ 
enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barbs TRel TWB ∧ rel_weakly_respects_barb_set TRel TWB {success}" by fast qed lemma (in encoding_wrt_barbs) OC_SS_wrt_preorder_iff_source_target_rel: fixes success :: "'barbs" and TRel :: "('procT × 'procT) set" shows "(operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_bisimulation TRel Target ∧ enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barb_set TRel TWB {success}) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success})" proof (rule iffI, (erule conjE)+) assume A1: "rel_weakly_preserves_barb_set TRel TWB {success}" and A2: "rel_weakly_reflects_barb_set TRel TWB {success}" and A3: "enc_weakly_preserves_barb_set {success}" and A4: "enc_weakly_reflects_barb_set {success}" and A5: "preorder TRel" from A5 have A6: "TRel⇧+ = TRel" using trancl_id[of TRel] preorder_on_def by blast from A5 have A7: "TRel⇧* = TRel" using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding refl_on_def preorder_on_def by auto define Rel where "Rel = indRelRTPO TRel" hence B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by (simp add: indRelRTPO.encR) from Rel_def A6 have B2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" using indRelRTPO_to_TRel(4)[where TRel="TRel"] by (auto simp add: indRelRTPO.target) from Rel_def A7 have B3: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by simp assume "operational_complete TRel" and "operational_sound TRel" and "weak_reduction_simulation TRel Target" and "∀P Q Q'. (P, Q) ∈ TRel ∧ Q ⟼Target* Q' ⟶ (∃P'. 
P ⟼Target* P' ∧ (P', Q') ∈ TRel)" with Rel_def A6 A7 have B4: "weak_reduction_bisimulation Rel (STCal Source Target)" using OC_iff_indRelRTPO_is_weak_reduction_bisimulation[where TRel="TRel"] by simp from Rel_def A5 have B5: "preorder Rel" using indRelRTPO_is_preorder[where TRel="TRel"] unfolding preorder_on_def by blast from Rel_def A1 A2 A3 A4 have B6: "rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" using enc_and_TRel_impl_indRelRTPO_weakly_respects_success[where TRel="TRel" and success="success"] by blast show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" apply (rule exI) using B1 B2 B3 B4 B5 B6 by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" from this obtain Rel where C1: "(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)" and C2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and C3: "(∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel)" and C4: "weak_reduction_bisimulation Rel (STCal Source Target)" and C5: "preorder Rel" and C6: "rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" by auto from C1 C2 C3 C4 C5 have "∃Rel.(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}) ∧ (∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ weak_reduction_bisimulation Rel (STCal Source Target)" by blast hence "operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_bisimulation TRel Target" using OC_wrt_preorder_iff_weak_reduction_bisimulation[where TRel="TRel"] by simp moreover have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" apply (rule exI) using C1 C6 by blast hence "enc_weakly_respects_barb_set {success}" using success_sensitive_iff_source_target_rel_weakly_respects_success by simp moreover have "rel_weakly_respects_barb_set TRel TWB {success}" proof auto fix TP TQ TP' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TP ⟼(Calculus TWB)* TP'" and "TP'↓<TWB>success" hence "TargetTerm TP⇓<STCalWB SWB TWB>success" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TQ⇓<STCalWB SWB TWB>success" using C6 by blast thus "TQ⇓<TWB>success" using STCalWB_reachesBarbST by blast next fix TP TQ TQ' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TQ ⟼(Calculus TWB)* TQ'" and "TQ'↓<TWB>success" hence "TargetTerm TQ⇓<STCalWB SWB TWB>success" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TP⇓<STCalWB SWB TWB>success" using C6 by blast thus "TP⇓<TWB>success" using STCalWB_reachesBarbST by blast qed ultimately show "operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_bisimulation TRel Target ∧ enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barb_set TRel TWB {success}" by fast qed lemma (in encoding_wrt_barbs) OC_SS_RB_wrt_preorder_iff_source_target_rel: fixes success :: "'barbs" and TRel :: "('procT × 'procT) set" shows "(operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_bisimulation TRel Target ∧ enc_weakly_respects_barbs ∧ rel_weakly_respects_barbs TRel TWB ∧ enc_weakly_respects_barb_set 
{success} ∧ rel_weakly_respects_barb_set TRel TWB {success}) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barbs Rel (STCalWB SWB TWB) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success})" proof (rule iffI, (erule conjE)+) assume A1: "rel_weakly_preserves_barbs TRel TWB" and A2: "rel_weakly_reflects_barbs TRel TWB" and A3: "enc_weakly_preserves_barbs" and A4: "enc_weakly_reflects_barbs" and A5: "preorder TRel" from A5 have A6: "TRel⇧+ = TRel" using trancl_id[of TRel] unfolding preorder_on_def by blast from A5 have A7: "TRel⇧* = TRel" using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding preorder_on_def refl_on_def by auto define Rel where "Rel = indRelRTPO TRel" hence B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by (simp add: indRelRTPO.encR) from Rel_def A6 have B2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" using indRelRTPO_to_TRel(4)[where TRel="TRel"] by (auto simp add: indRelRTPO.target) from Rel_def A7 have B3: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by simp assume "operational_complete TRel" and "operational_sound TRel" and "weak_reduction_simulation TRel Target" and "∀P Q Q'. (P, Q) ∈ TRel ∧ Q ⟼Target* Q' ⟶ (∃P'. 
P ⟼Target* P' ∧ (P', Q') ∈ TRel)" with Rel_def A6 A7 have B4: "weak_reduction_bisimulation Rel (STCal Source Target)" using OC_iff_indRelRTPO_is_weak_reduction_bisimulation[where TRel="TRel"] by simp from Rel_def A5 have B5: "preorder Rel" using indRelRTPO_is_preorder[where TRel="TRel"] unfolding preorder_on_def by blast from Rel_def A1 A2 A3 A4 have B6: "rel_weakly_respects_barbs Rel (STCalWB SWB TWB)" using enc_and_TRel_impl_indRelRTPO_weakly_respects_barbs[where TRel="TRel"] by blast hence B7: "rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" by blast show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barbs Rel (STCalWB SWB TWB) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" apply (rule exI) using B1 B2 B3 B4 B5 B6 B7 by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barbs Rel (STCalWB SWB TWB) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" from this obtain Rel where C1: "(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)" and C2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and C3: "(∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel)" and C4: "weak_reduction_bisimulation Rel (STCal Source Target)" and C5: "preorder Rel" and C6: "rel_weakly_respects_barbs Rel (STCalWB SWB TWB)" by auto from C1 C2 C3 C4 C5 have "∃Rel.(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}) ∧ (∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ weak_reduction_bisimulation Rel (STCal Source Target)" by blast hence "operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_bisimulation TRel Target" using OC_wrt_preorder_iff_weak_reduction_bisimulation[where TRel="TRel"] by simp moreover have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_weakly_respects_barbs Rel (STCalWB SWB TWB)" apply (rule exI) using C1 C6 by blast hence "enc_weakly_respects_barbs" using enc_weakly_respects_barbs_iff_source_target_rel by simp moreover hence "enc_weakly_respects_barb_set {success}" by simp moreover have "rel_weakly_respects_barbs TRel TWB" proof auto fix TP TQ x TP' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TP ⟼(Calculus TWB)* TP'" and "TP'↓<TWB>x" hence "TargetTerm TP⇓<STCalWB SWB TWB>x" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TQ⇓<STCalWB SWB TWB>x" using C6 by blast thus "TQ⇓<TWB>x" using STCalWB_reachesBarbST by blast next fix TP TQ x TQ' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TQ ⟼(Calculus TWB)* TQ'" and "TQ'↓<TWB>x" hence "TargetTerm TQ⇓<STCalWB SWB TWB>x" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TP⇓<STCalWB SWB TWB>x" using C6 by blast thus "TP⇓<TWB>x" using STCalWB_reachesBarbST by blast qed moreover hence "rel_weakly_respects_barb_set TRel TWB {success}" by blast ultimately show "operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_bisimulation TRel Target ∧ enc_weakly_respects_barbs ∧ rel_weakly_respects_barbs TRel TWB ∧ enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barb_set TRel TWB {success}" by fast qed text ‹An encoding is success sensitive and weakly operational corresponding w.r.t. a correspondence simulation TRel that respects success iff there exists a correspondence simulation that includes TRel and respects success. 
The same holds if we consider not only success sensitiveness but barb sensitiveness in general.› lemma (in encoding_wrt_barbs) WOC_SS_wrt_preorder_iff_source_target_rel: fixes success :: "'barbs" and TRel :: "('procT × 'procT) set" shows "(weakly_operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_correspondence_simulation TRel Target ∧ enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barb_set TRel TWB {success}) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success})" proof (rule iffI, (erule conjE)+) assume A1: "rel_weakly_preserves_barb_set TRel TWB {success}" and A2: "rel_weakly_reflects_barb_set TRel TWB {success}" and A3: "enc_weakly_preserves_barb_set {success}" and A4: "enc_weakly_reflects_barb_set {success}" and A5: "preorder TRel" from A5 have A6: "TRel⇧+ = TRel" using trancl_id[of TRel] unfolding preorder_on_def by blast from A5 A6 have A7: "TRel⇧* = TRel" using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding preorder_on_def refl_on_def by auto define Rel where "Rel = indRelRTPO TRel" hence B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by (simp add: indRelRTPO.encR) from Rel_def A6 have B2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" using indRelRTPO_to_TRel(4)[where TRel="TRel"] by (auto simp add: indRelRTPO.target) from Rel_def A7 have B3: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by simp assume "operational_complete TRel" and "weakly_operational_sound TRel" and "weak_reduction_simulation TRel Target" and "∀P Q Q'. (P, Q) ∈ TRel ∧ Q ⟼Target* Q' ⟶ (∃P'' Q''. 
P ⟼Target* P'' ∧ Q' ⟼Target* Q'' ∧ (P'', Q'') ∈ TRel)" with Rel_def A6 A7 have B4: "weak_reduction_correspondence_simulation Rel (STCal Source Target)" using WOC_iff_indRelRTPO_is_reduction_correspondence_simulation[where TRel="TRel"] by simp from Rel_def A5 have B5: "preorder Rel" using indRelRTPO_is_preorder[where TRel="TRel"] unfolding preorder_on_def by blast from Rel_def A1 A2 A3 A4 have B6: "rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" using enc_and_TRel_impl_indRelRTPO_weakly_respects_success[where TRel="TRel" and success="success"] by blast show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" apply (rule exI) using B1 B2 B3 B4 B5 B6 by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" from this obtain Rel where C1: "(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)" and C2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and C3: "(∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel)" and C4: "weak_reduction_correspondence_simulation Rel (STCal Source Target)" and C5: "preorder Rel" and C6: "rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" by auto from C1 C2 C3 C4 C5 have "∃Rel.(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}) ∧ (∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target)" by blast hence "weakly_operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_correspondence_simulation TRel Target" using WOC_wrt_preorder_iff_reduction_correspondence_simulation[where TRel="TRel"] by simp moreover have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" apply (rule exI) using C1 C6 by blast hence "enc_weakly_respects_barb_set {success}" using success_sensitive_iff_source_target_rel_weakly_respects_success by simp moreover have "rel_weakly_respects_barb_set TRel TWB {success}" proof auto fix TP TQ TP' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TP ⟼(Calculus TWB)* TP'" and "TP'↓<TWB>success" hence "TargetTerm TP⇓<STCalWB SWB TWB>success" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TQ⇓<STCalWB SWB TWB>success" using C6 by blast thus "TQ⇓<TWB>success" using STCalWB_reachesBarbST by blast next fix TP TQ TQ' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TQ ⟼(Calculus TWB)* TQ'" and "TQ'↓<TWB>success" hence "TargetTerm TQ⇓<STCalWB SWB TWB>success" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TP⇓<STCalWB SWB TWB>success" using C6 by blast thus "TP⇓<TWB>success" using STCalWB_reachesBarbST by blast qed ultimately show "weakly_operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_correspondence_simulation TRel Target ∧ enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barb_set TRel TWB {success}" by fast qed lemma (in encoding_wrt_barbs) WOC_SS_RB_wrt_preorder_iff_source_target_rel: fixes success :: "'barbs" and TRel :: "('procT × 'procT) set" shows "(weakly_operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_correspondence_simulation TRel Target ∧ 
enc_weakly_respects_barbs ∧ enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barbs TRel TWB ∧ rel_weakly_respects_barb_set TRel TWB {success}) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barbs Rel (STCalWB SWB TWB) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success})" proof (rule iffI, (erule conjE)+) assume A1: "rel_weakly_preserves_barb_set TRel TWB {success}" and A2: "rel_weakly_reflects_barb_set TRel TWB {success}" and A3: "enc_weakly_preserves_barb_set {success}" and A4: "enc_weakly_reflects_barb_set {success}" and A5: "preorder TRel" and A1': "rel_weakly_preserves_barbs TRel TWB" and A2': "rel_weakly_reflects_barbs TRel TWB" and A3': "enc_weakly_preserves_barbs" and A4': "enc_weakly_reflects_barbs" from A5 have A6: "TRel⇧+ = TRel" using trancl_id[of TRel] unfolding preorder_on_def by blast from A5 A6 have A7: "TRel⇧* = TRel" using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding preorder_on_def refl_on_def by auto define Rel where "Rel = indRelRTPO TRel" hence B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by (simp add: indRelRTPO.encR) from Rel_def A6 have B2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" using indRelRTPO_to_TRel(4)[where TRel="TRel"] by (auto simp add: indRelRTPO.target) from Rel_def A7 have B3: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by simp assume "operational_complete TRel" and "weakly_operational_sound TRel" and "weak_reduction_simulation TRel Target" and "∀P Q Q'. (P, Q) ∈ TRel ∧ Q ⟼Target* Q' ⟶ (∃P'' Q''. 
P ⟼Target* P'' ∧ Q' ⟼Target* Q'' ∧ (P'', Q'') ∈ TRel)" with Rel_def A6 A7 have B4: "weak_reduction_correspondence_simulation Rel (STCal Source Target)" using WOC_iff_indRelRTPO_is_reduction_correspondence_simulation[where TRel="TRel"] by simp from Rel_def A5 have B5: "preorder Rel" using indRelRTPO_is_preorder[where TRel="TRel"] unfolding preorder_on_def by blast from Rel_def A1 A2 A3 A4 have B6: "rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" using enc_and_TRel_impl_indRelRTPO_weakly_respects_success[where TRel="TRel" and success="success"] by blast from Rel_def A1' A2' A3' A4' have B7: "rel_weakly_respects_barbs Rel (STCalWB SWB TWB)" using enc_and_TRel_impl_indRelRTPO_weakly_respects_barbs[where TRel="TRel"] by blast show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barbs Rel (STCalWB SWB TWB) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" apply (rule exI) using B1 B2 B3 B4 B5 B6 B7 by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barbs Rel (STCalWB SWB TWB) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" from this obtain Rel where C1: "(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)" and C2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and C3: "(∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel)" and C4: "weak_reduction_correspondence_simulation Rel (STCal Source Target)" and C5: "preorder Rel" and C7: "rel_weakly_respects_barbs Rel (STCalWB SWB TWB)" by auto from C1 C2 C3 C4 C5 have "∃Rel.(∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target)" by blast hence "weakly_operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_correspondence_simulation TRel Target" using WOC_wrt_preorder_iff_reduction_correspondence_simulation[where TRel="TRel"] by simp moreover have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_weakly_respects_barbs Rel (STCalWB SWB TWB)" apply (rule exI) using C1 C7 by blast hence D1: "enc_weakly_respects_barbs" using enc_weakly_respects_barbs_iff_source_target_rel by simp moreover from D1 have "enc_weakly_respects_barb_set {success}" by simp moreover have D2: "rel_weakly_respects_barbs TRel TWB" proof auto fix TP TQ x TP' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TP ⟼(Calculus TWB)* TP'" and "TP'↓<TWB>x" hence "TargetTerm TP⇓<STCalWB SWB TWB>x" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TQ⇓<STCalWB SWB TWB>x" using C7 by blast thus "TQ⇓<TWB>x" using STCalWB_reachesBarbST by blast next fix TP TQ x TQ' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TQ ⟼(Calculus TWB)* TQ'" and "TQ'↓<TWB>x" hence "TargetTerm TQ⇓<STCalWB SWB TWB>x" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TP⇓<STCalWB SWB TWB>x" using C7 by blast thus "TP⇓<TWB>x" using STCalWB_reachesBarbST by blast qed moreover from D2 have "rel_weakly_respects_barb_set TRel TWB {success}" by blast ultimately show "weakly_operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_correspondence_simulation TRel Target ∧ enc_weakly_respects_barbs ∧ enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barbs TRel TWB ∧ rel_weakly_respects_barb_set TRel TWB {success}" by fast qed text ‹An encoding is strongly 
success sensitive and strongly operational corresponding w.r.t. a strong bisimulation TRel that strongly respects success iff there exists a strong bisimulation that includes TRel and strongly respects success. The same holds if we consider not only strong success sensitiveness but strong barb sensitiveness in general.› lemma (in encoding_wrt_barbs) SOC_SS_wrt_preorder_iff_source_target_rel: fixes success :: "'barbs" and TRel :: "('procT × 'procT) set" shows "(strongly_operational_corresponding TRel ∧ preorder TRel ∧ strong_reduction_bisimulation TRel Target ∧ enc_respects_barb_set {success} ∧ rel_respects_barb_set TRel TWB {success}) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ strong_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_respects_barb_set Rel (STCalWB SWB TWB) {success})" proof (rule iffI, (erule conjE)+) assume A1: "rel_preserves_barb_set TRel TWB {success}" and A2: "rel_reflects_barb_set TRel TWB {success}" and A3: "enc_preserves_barb_set {success}" and A4: "enc_reflects_barb_set {success}" and A5: "preorder TRel" from A5 have A6: "TRel⇧+ = TRel" using trancl_id[of TRel] unfolding preorder_on_def by blast from A5 A6 have A7: "TRel⇧* = TRel" using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding preorder_on_def refl_on_def by auto define Rel where "Rel = indRelRTPO TRel" hence B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by (simp add: indRelRTPO.encR) from Rel_def A6 have B2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" using indRelRTPO_to_TRel(4)[where TRel="TRel"] by (auto simp add: indRelRTPO.target) from Rel_def A7 have B3: "∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by simp assume "strongly_operational_complete TRel" and "strongly_operational_sound TRel" and "strong_reduction_simulation TRel Target" and "∀P Q Q'. (P, Q) ∈ TRel ∧ Q ⟼Target Q' ⟶ (∃P'. P ⟼Target P' ∧ (P', Q') ∈ TRel)" with Rel_def A6 A7 have B4: "strong_reduction_bisimulation Rel (STCal Source Target)" using SOC_iff_indRelRTPO_is_strong_reduction_bisimulation[where TRel="TRel"] by simp from Rel_def A5 have B5: "preorder Rel" using indRelRTPO_is_preorder[where TRel="TRel"] unfolding preorder_on_def by blast from Rel_def A1 A2 A3 A4 have B6: "rel_respects_barb_set Rel (STCalWB SWB TWB) {success}" using enc_and_TRel_impl_indRelRTPO_respects_success[where TRel="TRel" and success="success"] by blast show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ strong_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_respects_barb_set Rel (STCalWB SWB TWB) {success}" apply (rule exI) using B1 B2 B3 B4 B5 B6 by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ strong_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_respects_barb_set Rel (STCalWB SWB TWB) {success}" from this obtain Rel where C1: "(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)" and C2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and C3: "(∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel)" and C4: "strong_reduction_bisimulation Rel (STCal Source Target)" and C5: "preorder Rel" and C6: "rel_respects_barb_set Rel (STCalWB SWB TWB) {success}" by auto from C1 C2 C3 C4 C5 have "∃Rel.(∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ strong_reduction_bisimulation Rel (STCal Source Target)" by blast hence "strongly_operational_corresponding TRel ∧ preorder TRel ∧ strong_reduction_bisimulation TRel Target" using SOC_wrt_preorder_iff_strong_reduction_bisimulation[where TRel="TRel"] by simp moreover have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_barb_set Rel (STCalWB SWB TWB) {success}" apply (rule exI) using C1 C6 by blast hence "enc_respects_barb_set {success}" using success_sensitive_iff_source_target_rel_respects_success by simp moreover have "rel_respects_barb_set TRel TWB {success}" proof auto fix TP TQ assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TP↓<TWB>success" hence "TargetTerm TP↓<STCalWB SWB TWB>success" using STCalWB_hasBarbST by blast ultimately have "TargetTerm TQ↓<STCalWB SWB TWB>success" using C6 by blast thus "TQ↓<TWB>success" using STCalWB_hasBarbST by blast next fix TP TQ assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TQ↓<TWB>success" hence "TargetTerm TQ↓<STCalWB SWB TWB>success" using STCalWB_hasBarbST by blast ultimately have "TargetTerm TP↓<STCalWB SWB TWB>success" using C6 by blast thus "TP↓<TWB>success" using STCalWB_hasBarbST by blast qed ultimately show "strongly_operational_corresponding TRel ∧ preorder TRel ∧ strong_reduction_bisimulation TRel Target ∧ enc_respects_barb_set {success} ∧ rel_respects_barb_set TRel TWB {success}" by fast qed lemma (in encoding_wrt_barbs) SOC_SS_RB_wrt_preorder_iff_source_target_rel: fixes success :: "'barbs" and TRel :: "('procT × 'procT) set" shows "(strongly_operational_corresponding TRel ∧ preorder TRel ∧ strong_reduction_bisimulation TRel Target ∧ enc_respects_barbs ∧ rel_respects_barbs TRel TWB ∧ enc_respects_barb_set 
{success} ∧ rel_respects_barb_set TRel TWB {success}) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ strong_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_respects_barbs Rel (STCalWB SWB TWB) ∧ rel_respects_barb_set Rel (STCalWB SWB TWB) {success})" proof (rule iffI, (erule conjE)+) assume A1: "rel_preserves_barbs TRel TWB" and A2: "rel_reflects_barbs TRel TWB" and A3: "enc_preserves_barbs" and A4: "enc_reflects_barbs" and A5: "preorder TRel" from A5 have A6: "TRel⇧+ = TRel" using trancl_id[of TRel] unfolding preorder_on_def by blast from A5 have A7: "TRel⇧* = TRel" using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding preorder_on_def refl_on_def by auto define Rel where "Rel = indRelRTPO TRel" hence B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by (simp add: indRelRTPO.encR) from Rel_def A6 have B2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" using indRelRTPO_to_TRel(4)[where TRel="TRel"] by (auto simp add: indRelRTPO.target) from Rel_def A7 have B3: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by simp assume "strongly_operational_complete TRel" and "strongly_operational_sound TRel" and "strong_reduction_simulation TRel Target" and "∀P Q Q'. (P, Q) ∈ TRel ∧ Q ⟼Target Q' ⟶ (∃P'. 
P ⟼Target P' ∧ (P', Q') ∈ TRel)" with Rel_def A6 A7 have B4: "strong_reduction_bisimulation Rel (STCal Source Target)" using SOC_iff_indRelRTPO_is_strong_reduction_bisimulation[where TRel="TRel"] by simp from Rel_def A5 have B5: "preorder Rel" using indRelRTPO_is_preorder[where TRel="TRel"] unfolding preorder_on_def by blast from Rel_def A1 A2 A3 A4 have B6: "rel_respects_barbs Rel (STCalWB SWB TWB)" using enc_and_TRel_impl_indRelRTPO_respects_barbs[where TRel="TRel"] by blast hence B7: "rel_respects_barb_set Rel (STCalWB SWB TWB) {success}" by blast show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ strong_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_respects_barbs Rel (STCalWB SWB TWB) ∧ rel_respects_barb_set Rel (STCalWB SWB TWB) {success}" apply (rule exI) using B1 B2 B3 B4 B5 B6 by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ strong_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_respects_barbs Rel (STCalWB SWB TWB) ∧ rel_respects_barb_set Rel (STCalWB SWB TWB) {success}" from this obtain Rel where C1: "(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel)" and C2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and C3: "(∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel)" and C4: "strong_reduction_bisimulation Rel (STCal Source Target)" and C5: "preorder Rel" and C6: "rel_respects_barbs Rel (STCalWB SWB TWB)" by auto from C1 C2 C3 C4 C5 have "∃Rel.(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}) ∧ (∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ strong_reduction_bisimulation Rel (STCal Source Target)" by blast hence "strongly_operational_corresponding TRel ∧ preorder TRel ∧ strong_reduction_bisimulation TRel Target" using SOC_wrt_preorder_iff_strong_reduction_bisimulation[where TRel="TRel"] by simp moreover have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_barbs Rel (STCalWB SWB TWB)" apply (rule exI) using C1 C6 by blast hence "enc_respects_barbs" using enc_respects_barbs_iff_source_target_rel by simp moreover hence "enc_respects_barb_set {success}" by simp moreover have "rel_respects_barbs TRel TWB" proof auto fix TP TQ x assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TP↓<TWB>x" hence "TargetTerm TP↓<STCalWB SWB TWB>x" using STCalWB_hasBarbST by blast ultimately have "TargetTerm TQ↓<STCalWB SWB TWB>x" using C6 by blast thus "TQ↓<TWB>x" using STCalWB_hasBarbST by blast next fix TP TQ x assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TQ↓<TWB>x" hence "TargetTerm TQ↓<STCalWB SWB TWB>x" using STCalWB_hasBarbST by blast ultimately have "TargetTerm TP↓<STCalWB SWB TWB>x" using C6 by blast thus "TP↓<TWB>x" using STCalWB_hasBarbST by blast qed moreover hence "rel_respects_barb_set TRel TWB {success}" by blast ultimately show "strongly_operational_corresponding TRel ∧ preorder TRel ∧ strong_reduction_bisimulation TRel Target ∧ enc_respects_barbs ∧ rel_respects_barbs TRel TWB ∧ enc_respects_barb_set {success} ∧ rel_respects_barb_set TRel TWB {success}" by fast qed text ‹Next we also add divergence reflection to operational correspondence and success sensitiveness.›

(* If the encoding reflects divergence (encRD) and TRel reflects divergence on
   the target calculus (trelRD), then the relation indRelRTPO TRel reflects
   divergence on the combined calculus STCal Source Target.
   The later *_DR_* lemmas use this to obtain divergence reflection for
   Rel = indRelRTPO TRel. *)
lemma (in encoding) enc_and_TRelimpl_indRelRTPO_reflect_divergence:
  fixes TRel :: "('procT × 'procT) set"
  assumes encRD: "enc_reflects_divergence"
      and trelRD: "rel_reflects_divergence TRel Target"
  shows "rel_reflects_divergence (indRelRTPO TRel) (STCal Source Target)"
proof auto
  fix P Q
  (* NOTE(review): the infix notation below presumably abbreviates
     (P, Q) ∈ indRelRTPO TRel; its declaration is outside this section. *)
  assume "P ≲⟦⋅⟧RT<TRel> Q" and "Q ⟼(STCal Source Target)ω"
  (* Induction over the derivation of the pair, one case per rule
     (encR, source, target, trans). *)
  thus "P ⟼(STCal Source Target)ω"
  proof induct
    (* Pair (SourceTerm S, TargetTerm ⟦S⟧): move the divergence of the target
       term into Target, apply encRD to get divergence of S in Source, and
       lift the result back into the combined calculus. *)
    case (encR S)
    assume "TargetTerm (⟦S⟧) ⟼(STCal Source Target)ω"
    hence "⟦S⟧ ⟼(Target)ω"
      by (simp add: STCal_divergent(2))
    with encRD have "S ⟼(Source)ω"
      by simp
    thus "SourceTerm S ⟼(STCal Source Target)ω"
      by (simp add: STCal_divergent(1))
  next
    (* The goal coincides with the assumption. *)
    case (source S)
    assume "SourceTerm S ⟼(STCal Source Target)ω"
    thus "SourceTerm S ⟼(STCal Source Target)ω"
      by simp
  next
    (* Pair of target terms related by TRel: project the divergence of T2 into
       Target, apply trelRD to obtain divergence of T1, and lift back. *)
    case (target T1 T2)
    assume "(T1, T2) ∈ TRel"
    moreover assume "TargetTerm T2 ⟼(STCal Source Target)ω"
    hence "T2 ⟼(Target)ω"
      by (simp add: STCal_divergent(2))
    ultimately have "T1 ⟼(Target)ω"
      using trelRD by blast
    thus "TargetTerm T1 ⟼(STCal Source Target)ω"
      by (simp add: STCal_divergent(2))
  next
    (* Transitivity step: chain the two induction hypotheses from R over Q
       to P. *)
    case (trans P Q R)
    assume "R ⟼(STCal Source Target)ω"
       and "R ⟼(STCal Source Target)ω ⟹ Q ⟼(STCal Source Target)ω"
       and "Q ⟼(STCal Source Target)ω ⟹ P ⟼(STCal Source Target)ω"
    thus "P ⟼(STCal Source Target)ω"
      by simp
  qed
qed

lemma (in encoding_wrt_barbs) OC_SS_DR_iff_source_target_rel: fixes success :: "'barbs" and TRel :: "('procT × 'procT) set" shows "(operational_corresponding (TRel⇧*) ∧ weak_reduction_bisimulation (TRel⇧+) Target ∧ enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barb_set TRel TWB {success} ∧ enc_reflects_divergence ∧ rel_reflects_divergence TRel Target) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target))" proof (rule iffI, (erule conjE)+) assume A1: "rel_weakly_preserves_barb_set TRel TWB {success}" and A2: "rel_weakly_reflects_barb_set TRel TWB {success}" and A3: "enc_weakly_preserves_barb_set {success}" and A4: "enc_weakly_reflects_barb_set {success}" and A5: "rel_reflects_divergence TRel Target" and A6: "enc_reflects_divergence" define Rel where "Rel = indRelRTPO TRel" hence B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by (simp add: indRelRTPO.encR) from Rel_def have B2: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" by (simp add: indRelRTPO.target) from Rel_def have B3: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" by (simp add: indRelRTPO_to_TRel(4)[where TRel="TRel"]) from Rel_def have B4: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by simp assume "operational_complete (TRel⇧*)" and "operational_sound (TRel⇧*)" and "weak_reduction_simulation (TRel⇧+) Target" and "∀P Q Q'. (P, Q) ∈ TRel⇧+ ∧ Q ⟼Target* Q' ⟶ (∃P'. P ⟼Target* P' ∧ (P', Q') ∈ TRel⇧+)" with Rel_def have B5: "weak_reduction_bisimulation Rel (STCal Source Target)" using OC_iff_indRelRTPO_is_weak_reduction_bisimulation[where TRel="TRel"] by simp from Rel_def A1 A2 A3 A4 have B6: "rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" using enc_and_TRel_impl_indRelRTPO_weakly_respects_success[where TRel="TRel" and success="success"] by blast from Rel_def A5 A6 have B7: "rel_reflects_divergence Rel (STCal Source Target)" using enc_and_TRelimpl_indRelRTPO_reflect_divergence[where TRel="TRel"] by blast show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. 
(T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target)" apply (rule exI) using B1 B2 B3 B4 B5 B6 B7 by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target)" from this obtain Rel where C1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and C2: "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel" and C3: "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+" and C4: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*" and C5: "weak_reduction_bisimulation Rel (STCal Source Target)" and C6: "rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" and C7: "rel_reflects_divergence Rel (STCal Source Target)" by auto from C1 C2 C3 C4 C5 have "∃Rel.(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target)" by blast hence "operational_corresponding (TRel⇧*) ∧ weak_reduction_bisimulation (TRel⇧+) Target" using OC_iff_weak_reduction_bisimulation[where TRel="TRel"] by auto moreover have "∃Rel. (∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target)" apply (rule exI) using C1 C6 C7 by blast hence "enc_weakly_respects_barb_set {success} ∧ enc_reflects_divergence" using WSS_DR_iff_source_target_rel by auto moreover have "rel_weakly_respects_barb_set TRel TWB {success}" proof auto fix TP TQ TP' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TP ⟼(Calculus TWB)* TP'" and "TP'↓<TWB>success" hence "TargetTerm TP⇓<STCalWB SWB TWB>success" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TQ⇓<STCalWB SWB TWB>success" using C6 by blast thus "TQ⇓<TWB>success" using STCalWB_reachesBarbST by blast next fix TP TQ TQ' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TQ ⟼(Calculus TWB)* TQ'" and "TQ'↓<TWB>success" hence "TargetTerm TQ⇓<STCalWB SWB TWB>success" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TP⇓<STCalWB SWB TWB>success" using C6 by blast thus "TP⇓<TWB>success" using STCalWB_reachesBarbST by blast qed moreover from C2 C7 have "rel_reflects_divergence TRel Target" using STCal_divergent(2) by blast ultimately show "operational_corresponding (TRel⇧*) ∧ weak_reduction_bisimulation (TRel⇧+) Target ∧ enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barb_set TRel TWB {success} ∧ enc_reflects_divergence ∧ rel_reflects_divergence TRel Target" by fast qed lemma (in encoding_wrt_barbs) WOC_SS_DR_wrt_preorder_iff_source_target_rel: fixes success :: "'barbs" and TRel :: "('procT × 'procT) set" shows "(weakly_operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_correspondence_simulation TRel Target ∧ enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barb_set TRel TWB {success} ∧ enc_reflects_divergence ∧ rel_reflects_divergence TRel Target) = (∃Rel. (∀S. 
(SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target))" proof (rule iffI, (erule conjE)+) assume A1: "rel_weakly_preserves_barb_set TRel TWB {success}" and A2: "rel_weakly_reflects_barb_set TRel TWB {success}" and A3: "enc_weakly_preserves_barb_set {success}" and A4: "enc_weakly_reflects_barb_set {success}" and A5: "rel_reflects_divergence TRel Target" and A6: "enc_reflects_divergence" and A7: "preorder TRel" from A7 have A8: "TRel⇧+ = TRel" using trancl_id[of TRel] unfolding preorder_on_def by blast from A7 have A9: "TRel⇧* = TRel" using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding preorder_on_def refl_on_def by auto define Rel where "Rel = indRelRTPO TRel" hence B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" by (simp add: indRelRTPO.encR) from Rel_def A8 have B2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" using indRelRTPO_to_TRel(4)[where TRel="TRel"] by (auto simp add: indRelRTPO.target) from Rel_def A9 have B3: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel" using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by simp assume "operational_complete TRel" and "weakly_operational_sound TRel" and "preorder TRel" and "weak_reduction_simulation TRel Target" and "∀P Q Q'. (P, Q) ∈ TRel ∧ Q ⟼Target* Q' ⟶ (∃P'' Q''. 
P ⟼Target* P'' ∧ Q' ⟼Target* Q'' ∧ (P'', Q'') ∈ TRel)" with Rel_def A8 A9 have B4: "weak_reduction_correspondence_simulation Rel (STCal Source Target)" using WOC_iff_indRelRTPO_is_reduction_correspondence_simulation[where TRel="TRel"] by simp from Rel_def A7 have B5: "preorder Rel" using indRelRTPO_is_preorder[where TRel="TRel"] unfolding preorder_on_def by simp from Rel_def A1 A2 A3 A4 have B6: "rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" using enc_and_TRel_impl_indRelRTPO_weakly_respects_success[where TRel="TRel" and success="success"] by blast from Rel_def A5 A6 have B7: "rel_reflects_divergence Rel (STCal Source Target)" using enc_and_TRelimpl_indRelRTPO_reflect_divergence[where TRel="TRel"] by blast show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target)" apply (rule exI) using B1 B2 B3 B4 B5 B6 B7 by blast next assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target)" from this obtain Rel where C1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel" and C2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}" and C3: "∀S T. 
(SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel" and C4: "weak_reduction_correspondence_simulation Rel (STCal Source Target)" and C5: "preorder Rel" and C6: "rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}" and C7: "rel_reflects_divergence Rel (STCal Source Target)" by auto from C1 C2 C3 C4 C5 have "∃Rel.(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ weak_reduction_correspondence_simulation Rel (STCal Source Target)" by blast hence "weakly_operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_correspondence_simulation TRel Target" using WOC_wrt_preorder_iff_reduction_correspondence_simulation[where TRel="TRel"] by simp moreover have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target)" apply (rule exI) using C1 C6 C7 by blast hence "enc_weakly_respects_barb_set {success} ∧ enc_reflects_divergence" using WSS_DR_iff_source_target_rel by simp moreover have "rel_weakly_respects_barb_set TRel TWB {success}" proof auto fix TP TQ TP' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TP ⟼(Calculus TWB)* TP'" and "TP'↓<TWB>success" hence "TargetTerm TP⇓<STCalWB SWB TWB>success" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TQ⇓<STCalWB SWB TWB>success" using C6 by blast thus "TQ⇓<TWB>success" using STCalWB_reachesBarbST by blast next fix TP TQ TQ' assume "(TP, TQ) ∈ TRel" with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel" by simp moreover assume "TQ ⟼(Calculus TWB)* TQ'" and "TQ'↓<TWB>success" hence "TargetTerm TQ⇓<STCalWB SWB TWB>success" using STCalWB_reachesBarbST by blast ultimately have "TargetTerm TP⇓<STCalWB SWB TWB>success" using C6 by blast thus "TP⇓<TWB>success" using STCalWB_reachesBarbST by blast qed moreover from C2 C7 
have "rel_reflects_divergence TRel Target" using STCal_divergent(2) by blast ultimately show "weakly_operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_correspondence_simulation TRel Target ∧ enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barb_set TRel TWB {success} ∧ enc_reflects_divergence ∧ rel_reflects_divergence TRel Target" by fast qed

(* Weak variant. The left-hand side is a conjunction of seven properties of the
   encoding and of TRel. The right-hand side asks for one relation Rel over the
   combined source/target calculus that
     - relates every source term S to its encoding,
     - coincides with TRel on pairs of target terms,
     - sends every pair (SourceTerm S, TargetTerm T) in Rel to a TRel pair,
     - is a preorder and a weak reduction bisimulation,
     - weakly respects the barb success and reflects divergence. *)
lemma (in encoding_wrt_barbs) OC_SS_DR_wrt_preorder_iff_source_target_rel:
  fixes success :: "'barbs"
    and TRel :: "('procT × 'procT) set"
  shows "(operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_bisimulation TRel Target ∧ enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barb_set TRel TWB {success} ∧ enc_reflects_divergence ∧ rel_reflects_divergence TRel Target) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target))"
proof (rule iffI, (erule conjE)+)
  (* Left to right. The conjunction is split by conjE; A1-A7 and the second
     assume further down name the resulting facts.
     NOTE(review): A1-A4 are stated as separate preserves/reflects facts, so the
     respects_barb_set predicates presumably unfold to such conjunctions; confirm
     against their definitions. *)
  assume A1: "rel_weakly_preserves_barb_set TRel TWB {success}"
     and A2: "rel_weakly_reflects_barb_set TRel TWB {success}"
     and A3: "enc_weakly_preserves_barb_set {success}"
     and A4: "enc_weakly_reflects_barb_set {success}"
     and A5: "rel_reflects_divergence TRel Target"
     and A6: "enc_reflects_divergence"
     and A7: "preorder TRel"
  (* TRel is a preorder, so its transitive and its reflexive-transitive closure
     both equal TRel itself. *)
  from A7 have A8: "TRel⇧+ = TRel"
    using trancl_id[of TRel] unfolding preorder_on_def by blast
  from A7 have A9: "TRel⇧* = TRel"
    using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding preorder_on_def refl_on_def by auto
  (* Witness for the existential: indRelRTPO TRel. B1-B7 below establish the
     seven right-hand conjuncts for it. *)
  define Rel where "Rel = indRelRTPO TRel"
  hence B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel"
    by (simp add: indRelRTPO.encR)
  from Rel_def A8 have B2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}"
    using indRelRTPO_to_TRel(4)[where TRel="TRel"] by (auto simp add: indRelRTPO.target)
  from Rel_def A9 have B3: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel"
    using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by simp
  (* Remaining left-hand facts: completeness, soundness, and the two simulation
     directions of TRel on the target calculus. *)
  assume "operational_complete TRel" and "operational_sound TRel" and "preorder TRel" and "weak_reduction_simulation TRel Target" and "∀P Q Q'. (P, Q) ∈ TRel ∧ Q ⟼Target* Q' ⟶ (∃P'. P ⟼Target* P' ∧ (P', Q') ∈ TRel)"
  with Rel_def A8 A9 have B4: "weak_reduction_bisimulation Rel (STCal Source Target)"
    using OC_iff_indRelRTPO_is_weak_reduction_bisimulation[where TRel="TRel"] by simp
  from Rel_def A7 have B5: "preorder Rel"
    using indRelRTPO_is_preorder[where TRel="TRel"] unfolding preorder_on_def by simp
  from Rel_def A1 A2 A3 A4 have B6: "rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}"
    using enc_and_TRel_impl_indRelRTPO_weakly_respects_success[where TRel="TRel" and success="success"] by blast
  from Rel_def A5 A6 have B7: "rel_reflects_divergence Rel (STCal Source Target)"
    using enc_and_TRelimpl_indRelRTPO_reflect_divergence[where TRel="TRel"] by blast
  show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target)"
    apply (rule exI) using B1 B2 B3 B4 B5 B6 B7 by blast
next
  (* Right to left: unpack a witness Rel (C1-C7) and transfer each property to
     TRel and to the encoding. *)
  assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ weak_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target)"
  from this obtain Rel where C1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel"
    and C2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}"
    and C3: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel"
    and C4: "weak_reduction_bisimulation Rel (STCal Source Target)"
    and C5: "preorder Rel"
    and C6: "rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success}"
    and C7: "rel_reflects_divergence Rel (STCal Source Target)"
    by auto
  (* Operational correspondence, preorder and bisimulation of TRel follow from
     the barb-free characterisation. *)
  from C1 C2 C3 C4 C5 have "∃Rel.(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ weak_reduction_bisimulation Rel (STCal Source Target)"
    by blast
  hence "operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_bisimulation TRel Target"
    using OC_wrt_preorder_iff_weak_reduction_bisimulation[where TRel="TRel"] by simp
  (* Barb and divergence properties of the encoding. *)
  moreover have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_weakly_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target)"
    apply (rule exI) using C1 C6 C7 by blast
  hence "enc_weakly_respects_barb_set {success} ∧ enc_reflects_divergence"
    using WSS_DR_iff_source_target_rel by simp
  (* TRel weakly respects success: lift both target terms into Rel via C2, use
     C6 there, and translate the barb back with STCalWB_reachesBarbST. The two
     cases are the preservation and the reflection direction. *)
  moreover have "rel_weakly_respects_barb_set TRel TWB {success}"
  proof auto
    fix TP TQ TP'
    assume "(TP, TQ) ∈ TRel"
    with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel"
      by simp
    moreover assume "TP ⟼(Calculus TWB)* TP'" and "TP'↓<TWB>success"
    hence "TargetTerm TP⇓<STCalWB SWB TWB>success"
      using STCalWB_reachesBarbST by blast
    ultimately have "TargetTerm TQ⇓<STCalWB SWB TWB>success"
      using C6 by blast
    thus "TQ⇓<TWB>success"
      using STCalWB_reachesBarbST by blast
  next
    fix TP TQ TQ'
    assume "(TP, TQ) ∈ TRel"
    with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel"
      by simp
    moreover assume "TQ ⟼(Calculus TWB)* TQ'" and "TQ'↓<TWB>success"
    hence "TargetTerm TQ⇓<STCalWB SWB TWB>success"
      using STCalWB_reachesBarbST by blast
    ultimately have "TargetTerm TP⇓<STCalWB SWB TWB>success"
      using C6 by blast
    thus "TP⇓<TWB>success"
      using STCalWB_reachesBarbST by blast
  qed
  moreover from C2 C7 have "rel_reflects_divergence TRel Target"
    using STCal_divergent(2) by blast
  ultimately show "operational_corresponding TRel ∧ preorder TRel ∧ weak_reduction_bisimulation TRel Target ∧ enc_weakly_respects_barb_set {success} ∧ rel_weakly_respects_barb_set TRel TWB {success} ∧ enc_reflects_divergence ∧ rel_reflects_divergence TRel Target"
    by fast
qed

(* Strong variant of the preceding lemma: single reduction steps instead of
   step sequences, strong_reduction_bisimulation instead of the weak one, and
   the barb success is respected directly instead of weakly. The proof has the
   same shape and again uses indRelRTPO TRel as witness. *)
lemma (in encoding_wrt_barbs) SOC_SS_DR_wrt_preorder_iff_source_target_rel:
  fixes success :: "'barbs"
    and TRel :: "('procT × 'procT) set"
  shows "(strongly_operational_corresponding TRel ∧ preorder TRel ∧ strong_reduction_bisimulation TRel Target ∧ enc_respects_barb_set {success} ∧ rel_respects_barb_set TRel TWB {success} ∧ enc_reflects_divergence ∧ rel_reflects_divergence TRel Target) = (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ strong_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target))"
proof (rule iffI, (erule conjE)+)
  (* Left to right: facts obtained by splitting the left-hand conjunction. *)
  assume A1: "rel_preserves_barb_set TRel TWB {success}"
     and A2: "rel_reflects_barb_set TRel TWB {success}"
     and A3: "enc_preserves_barb_set {success}"
     and A4: "enc_reflects_barb_set {success}"
     and A5: "rel_reflects_divergence TRel Target"
     and A6: "enc_reflects_divergence"
     and A7: "preorder TRel"
  (* Closures of the preorder TRel collapse to TRel. *)
  from A7 have A8: "TRel⇧+ = TRel"
    using trancl_id[of TRel] unfolding preorder_on_def by blast
  from A7 have A9: "TRel⇧* = TRel"
    using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding preorder_on_def refl_on_def by auto
  (* Witness for the existential; B1-B7 are its seven required properties. *)
  define Rel where "Rel = indRelRTPO TRel"
  hence B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel"
    by (simp add: indRelRTPO.encR)
  from Rel_def A8 have B2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}"
    using indRelRTPO_to_TRel(4)[where TRel="TRel"] by (auto simp add: indRelRTPO.target)
  from Rel_def A9 have B3: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel"
    using indRelRTPO_to_TRel(2)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by simp
  assume "strongly_operational_complete TRel" and "strongly_operational_sound TRel" and "preorder TRel" and "strong_reduction_simulation TRel Target" and "∀P Q Q'. (P, Q) ∈ TRel ∧ Q ⟼Target Q' ⟶ (∃P'. P ⟼Target P' ∧ (P', Q') ∈ TRel)"
  with Rel_def A8 A9 have B4: "strong_reduction_bisimulation Rel (STCal Source Target)"
    using SOC_iff_indRelRTPO_is_strong_reduction_bisimulation[where TRel="TRel"] by simp
  from Rel_def A7 have B5: "preorder Rel"
    using indRelRTPO_is_preorder[where TRel="TRel"] unfolding preorder_on_def by simp
  from Rel_def A1 A2 A3 A4 have B6: "rel_respects_barb_set Rel (STCalWB SWB TWB) {success}"
    using enc_and_TRel_impl_indRelRTPO_respects_success[where TRel="TRel" and success="success"] by blast
  from Rel_def A5 A6 have B7: "rel_reflects_divergence Rel (STCal Source Target)"
    using enc_and_TRelimpl_indRelRTPO_reflect_divergence[where TRel="TRel"] by blast
  show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ strong_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target)"
    apply (rule exI) using B1 B2 B3 B4 B5 B6 B7 by blast
next
  (* Right to left: unpack a witness Rel (C1-C7) and project onto TRel. *)
  assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ strong_reduction_bisimulation Rel (STCal Source Target) ∧ preorder Rel ∧ rel_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target)"
  from this obtain Rel where C1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel"
    and C2: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}"
    and C3: "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel"
    and C4: "strong_reduction_bisimulation Rel (STCal Source Target)"
    and C5: "preorder Rel"
    and C6: "rel_respects_barb_set Rel (STCalWB SWB TWB) {success}"
    and C7: "rel_reflects_divergence Rel (STCal Source Target)"
    by auto
  from C1 C2 C3 C4 C5 have "∃Rel.(∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel) ∧ preorder Rel ∧ strong_reduction_bisimulation Rel (STCal Source Target)"
    by blast
  hence "strongly_operational_corresponding TRel ∧ preorder TRel ∧ strong_reduction_bisimulation TRel Target"
    using SOC_wrt_preorder_iff_strong_reduction_bisimulation[where TRel="TRel"] by simp
  moreover have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ rel_respects_barb_set Rel (STCalWB SWB TWB) {success} ∧ rel_reflects_divergence Rel (STCal Source Target)"
    apply (rule exI) using C1 C6 C7 by blast
  hence "enc_respects_barb_set {success} ∧ enc_reflects_divergence"
    using SS_DR_iff_source_target_rel by simp
  (* TRel respects success: same lifting argument as in the weak lemma, here
     for immediate barbs and with STCalWB_hasBarbST. *)
  moreover have "rel_respects_barb_set TRel TWB {success}"
  proof auto
    fix TP TQ
    assume "(TP, TQ) ∈ TRel"
    with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel"
      by simp
    moreover assume "TP↓<TWB>success"
    hence "TargetTerm TP↓<STCalWB SWB TWB>success"
      using STCalWB_hasBarbST by blast
    ultimately have "TargetTerm TQ↓<STCalWB SWB TWB>success"
      using C6 by blast
    thus "TQ↓<TWB>success"
      using STCalWB_hasBarbST by blast
  next
    fix TP TQ
    assume "(TP, TQ) ∈ TRel"
    with C2 have "(TargetTerm TP, TargetTerm TQ) ∈ Rel"
      by simp
    moreover assume "TQ↓<TWB>success"
    hence "TargetTerm TQ↓<STCalWB SWB TWB>success"
      using STCalWB_hasBarbST by blast
    ultimately have "TargetTerm TP↓<STCalWB SWB TWB>success"
      using C6 by blast
    thus "TP↓<TWB>success"
      using STCalWB_hasBarbST by blast
  qed
  moreover from C2 C7 have "rel_reflects_divergence TRel Target"
    using STCal_divergent(2) by blast
  ultimately show "strongly_operational_corresponding TRel ∧ preorder TRel ∧ strong_reduction_bisimulation TRel Target ∧ enc_respects_barb_set {success} ∧ rel_respects_barb_set TRel TWB {success} ∧ enc_reflects_divergence ∧ rel_reflects_divergence TRel Target"
    by fast
qed

subsection ‹Full Abstraction and Operational Correspondence›

text ‹To combine full abstraction and operational correspondence we consider a symmetric version of the induced
relation and assume that the relations SRel and TRel are equivalences. Then an encoding is fully abstract w.r.t. SRel and TRel and operationally corresponding w.r.t. TRel such that TRel is a bisimulation iff the induced relation contains both SRel and TRel and is a transitive bisimulation.›

(* Weak variant. The relation Rel on the right-hand side relates each source
   term and its encoding in both directions, restricts to SRel on source terms
   and to TRel on target terms, is transitive, and is a weak reduction
   bisimulation on the combined calculus.
   Only eqT is referenced by name in the proof below; eqS is never used.
   NOTE(review): eqS may be droppable from the statement; confirm against the
   callers of this lemma before changing it.
   NOTE(review): the prefix FS in the lemma name looks like a typo for FA
   (compare FA_SOC_modulo_equivalences_iff_source_target_relation); renaming
   would affect every reference to the lemma. *)
lemma (in encoding) FS_OC_modulo_equivalences_iff_source_target_relation:
  fixes SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  assumes eqS: "equivalence SRel"
      and eqT: "equivalence TRel"
  shows "fully_abstract SRel TRel ∧ operational_corresponding TRel ∧ weak_reduction_bisimulation TRel Target ⟷ (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans Rel ∧ weak_reduction_bisimulation Rel (STCal Source Target))"
proof (rule iffI, erule conjE, erule conjE)
  (* Left to right. The witness is indRelTEQ TRel; the infix notation used in
     A5 and A6 appears to denote membership in that relation. *)
  assume A1: "fully_abstract SRel TRel"
     and A2: "operational_corresponding TRel"
     and A3: "weak_reduction_bisimulation TRel Target"
  (* TRel is an equivalence, so its reflexive-transitive closure is TRel. *)
  from eqT have A4: "TRel⇧* = TRel"
    using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding equiv_def refl_on_def by auto
  (* Source terms and their encodings are related in both directions. *)
  have A5: "∀S. SourceTerm S ∼⟦⋅⟧T<TRel> TargetTerm (⟦S⟧) ∧ TargetTerm (⟦S⟧) ∼⟦⋅⟧T<TRel> SourceTerm S"
    by (simp add: indRelTEQ.encR indRelTEQ.encL)
  moreover from A4 have A6: "TRel = {(T1, T2). TargetTerm T1 ∼⟦⋅⟧T<TRel> TargetTerm T2}"
    using indRelTEQ_to_TRel(4)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by (auto simp add: indRelTEQ.target)
  moreover have A7: "trans (indRelTEQ TRel)"
    using indRelTEQ.trans[where TRel="TRel"] unfolding trans_def by blast
  (* The restriction of the witness to source terms is SRel; this is where
     full abstraction A1 enters. *)
  moreover have "SRel = {(S1, S2). SourceTerm S1 ∼⟦⋅⟧T<TRel> SourceTerm S2}"
  proof -
    from A6 have "∀S1 S2. ((⟦S1⟧, ⟦S2⟧) ∈ TRel) = TargetTerm (⟦S1⟧) ∼⟦⋅⟧T<TRel> TargetTerm (⟦S2⟧)"
      by blast
    (* Adding the encoding-to-source pairs changes nothing, because encL
       already puts them into indRelTEQ TRel. *)
    moreover have "indRelTEQ TRel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} = indRelTEQ TRel"
      by (auto simp add: indRelTEQ.encL)
    with A7 have "trans (indRelTEQ TRel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q})"
      unfolding trans_def by blast
    ultimately show "SRel = {(S1, S2). SourceTerm S1 ∼⟦⋅⟧T<TRel> SourceTerm S2}"
      using A1 A5 full_abstraction_and_trans_relation_contains_TRel_impl_SRel[where SRel="SRel" and TRel="TRel" and Rel="indRelTEQ TRel"] by blast
  qed
  moreover from eqT A2 A3 have "weak_reduction_bisimulation (indRelTEQ TRel) (STCal Source Target)"
    using OC_wrt_equivalence_iff_indRelTEQ_weak_reduction_bisimulation[where TRel="TRel"] by blast
  ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans Rel ∧ weak_reduction_bisimulation Rel (STCal Source Target)"
    by blast
next
  (* Right to left: unpack a witness Rel (B1-B5). *)
  assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans Rel ∧ weak_reduction_bisimulation Rel (STCal Source Target)"
  from this obtain Rel where B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel"
    and B2: "SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel}"
    and B3: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}"
    and B4: "trans Rel"
    and B5: "weak_reduction_bisimulation Rel (STCal Source Target)"
    by blast
  from B1 B2 B3 B4 have "fully_abstract SRel TRel"
    using trans_source_target_relation_impl_fully_abstract[where Rel="Rel" and SRel="SRel" and TRel="TRel"] by blast
  moreover have "operational_corresponding TRel ∧ weak_reduction_bisimulation TRel Target"
  proof -
    (* Closures of the equivalence TRel collapse to TRel. *)
    from eqT have C1: "TRel⇧+ = TRel"
      using trancl_id[of TRel] unfolding equiv_def by blast
    from eqT have C2: "TRel⇧* = TRel"
      using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding equiv_def refl_on_def by auto
    (* Bring Rel into the form expected by OC_iff_weak_reduction_bisimulation. *)
    from B1 have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel"
      by simp
    moreover from B3 have "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel"
      by simp
    moreover from B3 C1 have "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+"
      by simp
    moreover have "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*"
    proof clarify
      fix S T
      (* Go from the encoding back to S (B1), then on to T, and close the
         chain with transitivity of Rel (B4). *)
      from B1 have "(TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel"
        by simp
      moreover assume "(SourceTerm S, TargetTerm T) ∈ Rel"
      ultimately have "(TargetTerm (⟦S⟧), TargetTerm T) ∈ Rel"
        using B4 unfolding trans_def by blast
      with B3 C2 show "(⟦S⟧, T) ∈ TRel⇧*"
        by simp
    qed
    ultimately have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ weak_reduction_bisimulation Rel (STCal Source Target)"
      using B5 by blast
    with C1 C2 show "operational_corresponding TRel ∧ weak_reduction_bisimulation TRel Target"
      using OC_iff_weak_reduction_bisimulation[where TRel="TRel"] by auto
  qed
  ultimately show "fully_abstract SRel TRel ∧ operational_corresponding TRel ∧ weak_reduction_bisimulation TRel Target"
    by simp
qed

(* Strong variant of the preceding lemma: strongly_operational_corresponding
   and strong_reduction_bisimulation replace their weak counterparts. The proof
   has the same shape and the same witness indRelTEQ TRel. As above, eqS is not
   referenced by name in the proof. *)
lemma (in encoding) FA_SOC_modulo_equivalences_iff_source_target_relation:
  fixes SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  assumes eqS: "equivalence SRel"
      and eqT: "equivalence TRel"
  shows "fully_abstract SRel TRel ∧ strongly_operational_corresponding TRel ∧ strong_reduction_bisimulation TRel Target ⟷ (∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans Rel ∧ strong_reduction_bisimulation Rel (STCal Source Target))"
proof (rule iffI, erule conjE, erule conjE)
  (* Left to right, with witness indRelTEQ TRel. *)
  assume A1: "fully_abstract SRel TRel"
     and A2: "strongly_operational_corresponding TRel"
     and A3: "strong_reduction_bisimulation TRel Target"
  from eqT have A4: "TRel⇧* = TRel"
    using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding equiv_def refl_on_def by auto
  have A5: "∀S. SourceTerm S ∼⟦⋅⟧T<TRel> TargetTerm (⟦S⟧) ∧ TargetTerm (⟦S⟧) ∼⟦⋅⟧T<TRel> SourceTerm S"
    by (simp add: indRelTEQ.encR indRelTEQ.encL)
  moreover from A4 have A6: "TRel = {(T1, T2). TargetTerm T1 ∼⟦⋅⟧T<TRel> TargetTerm T2}"
    using indRelTEQ_to_TRel(4)[where TRel="TRel"] trans_closure_of_TRel_refl_cond[where TRel="TRel"] by (auto simp add: indRelTEQ.target)
  moreover have A7: "trans (indRelTEQ TRel)"
    using indRelTEQ.trans[where TRel="TRel"] unfolding trans_def by blast
  (* The restriction of the witness to source terms is SRel (uses A1). *)
  moreover have "SRel = {(S1, S2). SourceTerm S1 ∼⟦⋅⟧T<TRel> SourceTerm S2}"
  proof -
    from A6 have "∀S1 S2. ((⟦S1⟧, ⟦S2⟧) ∈ TRel) = TargetTerm (⟦S1⟧) ∼⟦⋅⟧T<TRel> TargetTerm (⟦S2⟧)"
      by blast
    moreover have "indRelTEQ TRel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q} = indRelTEQ TRel"
      by (auto simp add: indRelTEQ.encL)
    with A7 have "trans (indRelTEQ TRel ∪ {(P, Q). ∃S. ⟦S⟧ ∈T P ∧ S ∈S Q})"
      unfolding trans_def by blast
    ultimately show "SRel = {(S1, S2). SourceTerm S1 ∼⟦⋅⟧T<TRel> SourceTerm S2}"
      using A1 A5 full_abstraction_and_trans_relation_contains_TRel_impl_SRel[where SRel="SRel" and TRel="TRel" and Rel="indRelTEQ TRel"] by blast
  qed
  moreover from eqT A2 A3 have "strong_reduction_bisimulation (indRelTEQ TRel) (STCal Source Target)"
    using SOC_wrt_equivalence_iff_indRelTEQ_strong_reduction_bisimulation[where TRel="TRel"] by blast
  ultimately show "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans Rel ∧ strong_reduction_bisimulation Rel (STCal Source Target)"
    by blast
next
  (* Right to left: unpack a witness Rel (B1-B5). *)
  assume "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel) ∧ SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel} ∧ TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel} ∧ trans Rel ∧ strong_reduction_bisimulation Rel (STCal Source Target)"
  from this obtain Rel where B1: "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel ∧ (TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel"
    and B2: "SRel = {(S1, S2). (SourceTerm S1, SourceTerm S2) ∈ Rel}"
    and B3: "TRel = {(T1, T2). (TargetTerm T1, TargetTerm T2) ∈ Rel}"
    and B4: "trans Rel"
    and B5: "strong_reduction_bisimulation Rel (STCal Source Target)"
    by blast
  from B1 B2 B3 B4 have "fully_abstract SRel TRel"
    using trans_source_target_relation_impl_fully_abstract[where Rel="Rel" and SRel="SRel" and TRel="TRel"] by blast
  moreover have "strongly_operational_corresponding TRel ∧ strong_reduction_bisimulation TRel Target"
  proof -
    from eqT have C1: "TRel⇧+ = TRel"
      using trancl_id[of TRel] unfolding equiv_def refl_on_def by blast
    from eqT have C2: "TRel⇧* = TRel"
      using reflcl_trancl[of TRel] trancl_id[of TRel] unfolding equiv_def refl_on_def by auto
    (* Bring Rel into the form expected by SOC_iff_strong_reduction_bisimulation. *)
    from B1 have "∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel"
      by simp
    moreover from B3 have "∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel"
      by simp
    moreover from B3 C1 have "∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+"
      by simp
    moreover have "∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*"
    proof clarify
      fix S T
      from B1 have "(TargetTerm (⟦S⟧), SourceTerm S) ∈ Rel"
        by simp
      moreover assume "(SourceTerm S, TargetTerm T) ∈ Rel"
      ultimately have "(TargetTerm (⟦S⟧), TargetTerm T) ∈ Rel"
        using B4 unfolding trans_def by blast
      with B3 C2 show "(⟦S⟧, T) ∈ TRel⇧*"
        by simp
    qed
    ultimately have "∃Rel. (∀S. (SourceTerm S, TargetTerm (⟦S⟧)) ∈ Rel) ∧ (∀T1 T2. (T1, T2) ∈ TRel ⟶ (TargetTerm T1, TargetTerm T2) ∈ Rel) ∧ (∀T1 T2. (TargetTerm T1, TargetTerm T2) ∈ Rel ⟶ (T1, T2) ∈ TRel⇧+) ∧ (∀S T. (SourceTerm S, TargetTerm T) ∈ Rel ⟶ (⟦S⟧, T) ∈ TRel⇧*) ∧ strong_reduction_bisimulation Rel (STCal Source Target)"
      using B5 by blast
    with C1 C2 show "strongly_operational_corresponding TRel ∧ strong_reduction_bisimulation TRel Target"
      using SOC_iff_strong_reduction_bisimulation[where TRel="TRel"] by auto
  qed
  ultimately show "fully_abstract SRel TRel ∧ strongly_operational_corresponding TRel ∧ strong_reduction_bisimulation TRel Target"
    by simp
qed

text ‹An encoding that is fully abstract w.r.t.
the equivalences SRel and TRel and operationally corresponding w.r.t. TRel ensures that SRel is a bisimulation iff TRel is a bisimulation. ›

(* Direction from TRel to SRel, weak case. The lemma assumes only symmetry and
   transitivity of TRel, not a full equivalence, and puts no assumption on SRel
   beyond full abstraction. No surjectivity of the encoding is needed here. *)
lemma (in encoding) FA_and_OC_and_TRel_impl_SRel_bisimulation:
  fixes SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  assumes fullAbs: "fully_abstract SRel TRel"
      and opCom: "operational_complete TRel"
      and opSou: "operational_sound TRel"
      and symmT: "sym TRel"
      and transT: "trans TRel"
      and bisimT: "weak_reduction_bisimulation TRel Target"
  shows "weak_reduction_bisimulation SRel Source"
proof auto
  (* Case 1: SP moves. Translate the move with completeness, answer it in the
     target with bisimT, pull the answer back with soundness, and glue the
     three TRel pairs together using symmetry and transitivity. *)
  fix SP SQ SP'
  assume "SP ⟼Source* SP'"
  with opCom obtain TP' where A1: "⟦SP⟧ ⟼Target* TP'" and A2: "(⟦SP'⟧, TP') ∈ TRel"
    by blast
  assume "(SP, SQ) ∈ SRel"
  with fullAbs have "(⟦SP⟧, ⟦SQ⟧) ∈ TRel"
    by simp
  with bisimT A1 obtain TQ' where A3: "⟦SQ⟧ ⟼Target* TQ'" and A4: "(TP', TQ') ∈ TRel"
    by blast
  from A3 opSou obtain SQ' where A5: "SQ ⟼Source* SQ'" and A6: "(⟦SQ'⟧, TQ') ∈ TRel"
    by blast
  from A2 A4 A6 symmT transT have "(⟦SP'⟧, ⟦SQ'⟧) ∈ TRel"
    unfolding trans_def sym_def by blast
  with fullAbs A5 show "∃SQ'. SQ ⟼Source* SQ' ∧ (SP', SQ') ∈ SRel"
    by blast
next
  (* Case 2: SQ moves. Mirror image of case 1. *)
  fix SP SQ SQ'
  assume "SQ ⟼Source* SQ'"
  with opCom obtain TQ' where B1: "⟦SQ⟧ ⟼Target* TQ'" and B2: "(⟦SQ'⟧, TQ') ∈ TRel"
    by blast
  assume "(SP, SQ) ∈ SRel"
  with fullAbs have "(⟦SP⟧, ⟦SQ⟧) ∈ TRel"
    by simp
  with bisimT B1 obtain TP' where B3: "⟦SP⟧ ⟼Target* TP'" and B4: "(TP', TQ') ∈ TRel"
    by blast
  from B3 opSou obtain SP' where B5: "SP ⟼Source* SP'" and B6: "(⟦SP'⟧, TP') ∈ TRel"
    by blast
  from B2 B4 B6 symmT transT have "(⟦SP'⟧, ⟦SQ'⟧) ∈ TRel"
    unfolding trans_def sym_def by blast
  with fullAbs B5 show "∃SP'. SP ⟼Source* SP' ∧ (SP', SQ') ∈ SRel"
    by blast
qed

(* Strong counterpart of the preceding lemma: single reduction steps and the
   strong notions of completeness, soundness and bisimulation. Same argument. *)
lemma (in encoding) FA_and_SOC_and_TRel_impl_SRel_strong_bisimulation:
  fixes SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  assumes fullAbs: "fully_abstract SRel TRel"
      and opCom: "strongly_operational_complete TRel"
      and opSou: "strongly_operational_sound TRel"
      and symmT: "sym TRel"
      and transT: "trans TRel"
      and bisimT: "strong_reduction_bisimulation TRel Target"
  shows "strong_reduction_bisimulation SRel Source"
proof auto
  (* Case 1: SP performs a step. *)
  fix SP SQ SP'
  assume "SP ⟼Source SP'"
  with opCom obtain TP' where A1: "⟦SP⟧ ⟼Target TP'" and A2: "(⟦SP'⟧, TP') ∈ TRel"
    by blast
  assume "(SP, SQ) ∈ SRel"
  with fullAbs have "(⟦SP⟧, ⟦SQ⟧) ∈ TRel"
    by simp
  with bisimT A1 obtain TQ' where A3: "⟦SQ⟧ ⟼Target TQ'" and A4: "(TP', TQ') ∈ TRel"
    by blast
  from A3 opSou obtain SQ' where A5: "SQ ⟼Source SQ'" and A6: "(⟦SQ'⟧, TQ') ∈ TRel"
    by blast
  from A2 A4 A6 symmT transT have "(⟦SP'⟧, ⟦SQ'⟧) ∈ TRel"
    unfolding trans_def sym_def by blast
  with fullAbs A5 show "∃SQ'. SQ ⟼Source SQ' ∧ (SP', SQ') ∈ SRel"
    by blast
next
  (* Case 2: SQ performs a step. *)
  fix SP SQ SQ'
  assume "SQ ⟼Source SQ'"
  with opCom obtain TQ' where B1: "⟦SQ⟧ ⟼Target TQ'" and B2: "(⟦SQ'⟧, TQ') ∈ TRel"
    by blast
  assume "(SP, SQ) ∈ SRel"
  with fullAbs have "(⟦SP⟧, ⟦SQ⟧) ∈ TRel"
    by simp
  with bisimT B1 obtain TP' where B3: "⟦SP⟧ ⟼Target TP'" and B4: "(TP', TQ') ∈ TRel"
    by blast
  from B3 opSou obtain SP' where B5: "SP ⟼Source SP'" and B6: "(⟦SP'⟧, TP') ∈ TRel"
    by blast
  from B2 B4 B6 symmT transT have "(⟦SP'⟧, ⟦SQ'⟧) ∈ TRel"
    unfolding trans_def sym_def by blast
  with fullAbs B5 show "∃SP'. SP ⟼Source SP' ∧ (SP', SQ') ∈ SRel"
    by blast
qed

(* The equivalence announced in the text above, weak case. It carries one side
   condition that the prose does not mention: surj, i.e. every target term is
   the encoding of some source term. In the proof below surj is used only for
   the direction from SRel to TRel; the converse direction is the lemma
   FA_and_OC_and_TRel_impl_SRel_bisimulation and does not need it. Anyone
   citing this result for a concrete encoding has to discharge surj.
   No strong counterpart of this equivalence is visible in this part of the
   theory. *)
lemma (in encoding) FA_and_OC_impl_SRel_iff_TRel_bisimulation:
  fixes SRel :: "('procS × 'procS) set"
    and TRel :: "('procT × 'procT) set"
  assumes fullAbs: "fully_abstract SRel TRel"
      and opCor: "operational_corresponding TRel"
      and symmT: "sym TRel"
      and transT: "trans TRel"
      and surj: "∀T. ∃S. T = ⟦S⟧"
  shows "weak_reduction_bisimulation SRel Source ⟷ weak_reduction_bisimulation TRel Target"
proof
  assume bisimS: "weak_reduction_bisimulation SRel Source"
  (* It suffices to show a simulation; symmetry of TRel upgrades it to a
     bisimulation at the end of this branch. *)
  have "weak_reduction_simulation TRel Target"
  proof clarify
    fix TP TQ TP'
    (* Pick source preimages of both target terms; this is the only use of
       surj. *)
    from surj have "∃S. TP = ⟦S⟧"
      by simp
    from this obtain SP where A1: "⟦SP⟧ = TP"
      by blast
    from surj have "∃S. TQ = ⟦S⟧"
      by simp
    from this obtain SQ where A2: "⟦SQ⟧ = TQ"
      by blast
    (* Pull the target move back to the source, answer it there with bisimS,
       and push the answer forward again. *)
    assume "TP ⟼Target* TP'"
    with opCor A1 obtain SP' where A3: "SP ⟼Source* SP'" and A4: "(⟦SP'⟧, TP') ∈ TRel"
      by blast
    assume "(TP, TQ) ∈ TRel"
    with fullAbs A1 A2 have "(SP, SQ) ∈ SRel"
      by simp
    with bisimS A3 obtain SQ' where A5: "SQ ⟼Source* SQ'" and A6: "(SP', SQ') ∈ SRel"
      by blast
    from opCor A2 A5 obtain TQ' where A7: "TQ ⟼Target* TQ'" and A8: "(⟦SQ'⟧, TQ') ∈ TRel"
      by blast
    (* Chain the three TRel pairs using symmetry and transitivity. *)
    from symmT A4 have "(TP', ⟦SP'⟧) ∈ TRel"
      unfolding sym_def by simp
    moreover from fullAbs A6 have "(⟦SP'⟧, ⟦SQ'⟧) ∈ TRel"
      by simp
    ultimately have "(TP', TQ') ∈ TRel"
      using transT A8 unfolding trans_def by blast
    with A7 show "∃TQ'. TQ ⟼Target* TQ' ∧ (TP', TQ') ∈ TRel"
      by blast
  qed
  with symmT show "weak_reduction_bisimulation TRel Target"
    using symm_weak_reduction_simulation_is_bisimulation[where Rel="TRel" and Cal="Target"] by blast
next
  (* Converse direction: immediate from the earlier lemma; surj is not among
     the facts passed to it. *)
  assume "weak_reduction_bisimulation TRel Target"
  with fullAbs opCor symmT transT show "weak_reduction_bisimulation SRel Source"
    using FA_and_OC_and_TRel_impl_SRel_bisimulation[where SRel="SRel" and TRel="TRel"] by blast
qed

end